Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/339803 )
Change subject: annualreport: add X-Frame-Options header to Apache config
......................................................................
annualreport: add X-Frame-Options header to Apache config
As recommended by Darian Patrick in T151798#3053857
add X-Frame-Options header with DENY, to prevent click jacking
attacks.
Bug: T151798
Change-Id: I867f4ed771816fa2f546b96f3ae6dd0f855fb90e
---
M modules/annualreport/files/annual.wikimedia.org
1 file changed, 2 insertions(+), 0 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/annualreport/files/annual.wikimedia.org
b/modules/annualreport/files/annual.wikimedia.org
index 2b16bed..568e8de 100644
--- a/modules/annualreport/files/annual.wikimedia.org
+++ b/modules/annualreport/files/annual.wikimedia.org
@@ -11,6 +11,8 @@
LogLevel warn
CustomLog /var/log/apache2/access.log wmf
+ Header always append X-Frame-Options DENY
+
<Directory /srv/org/wikimedia/annualreport>
Require all granted
</Directory>
--
To view, visit https://gerrit.wikimedia.org/r/339803
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I867f4ed771816fa2f546b96f3ae6dd0f855fb90e
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Dpatrick <dpatr...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
