Commit: 26af598f904104addf472c6f7bcb976b4f1ffb5b
Author: Hannes Magnusson <[email protected]> Thu, 8 May 2014 10:21:22 -0700
Parents: 11d6601c2e7d130b4b0645ccc969bc8dcd97d65b
Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=26af598f904104addf472c6f7bcb976b4f1ffb5b
Log: Fix Clickjacking Attacks. Reported by Joel Melegrito
Changed paths: M include/prepend.inc
Diff:
diff --git a/include/prepend.inc b/include/prepend.inc
index e6a58a0..ba35c69 100644
--- a/include/prepend.inc
+++ b/include/prepend.inc
@@ -33,6 +33,9 @@ if (isset($_SERVER["HTTP_ORIGIN"])) {
 header("Access-Control-Allow-Headers: $headers");
 }
 }
+/* Clickjacking workaround. Nothing should be in a frame so it could technically be 'deny'
+ * but it doesn't make any difference anyway */
+header("X-Frame-Options: SAMEORIGIN");
 // Be 100% sure the timezone is set
 if (ini_get("date.timezone") === "" && function_exists("date_default_timezone_set")) {
-- 
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
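Review bot: The comment above the added `header("X-Frame-Options: SAMEORIGIN");` line says 'deny' would make no difference, but the two values are not equivalent: SAMEORIGIN still lets any page on the same origin frame the site, and older browsers compared only the top-level origin rather than every ancestor frame. Since the comment itself states that nothing should be framed, the stricter value matches the intent: `header("X-Frame-Options: DENY");`, optionally paired with `header("Content-Security-Policy: frame-ancestors 'none'");` for browsers that honour CSP. The header is sent only for responses that run through include/prepend.inc, so anything served without this include (static files, for example) presumably stays frameable unless the web server sets the header as well. The comment would be more accurate as `/* Anti-clickjacking: no page is meant to be framed, so forbid framing outright */`.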
