Commit: 6656eea531cf1e88c9ae216b93fe5282394eee18 Author: Hannes Magnusson <[email protected]> Thu, 8 May 2014 10:21:22 -0700 Parents: e27550a532daaf8f996747ca20ae900493b2ddbc Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=6656eea531cf1e88c9ae216b93fe5282394eee18 Log: Fix Clickjacking Attacks. Reported by Joel Melegrito Changed paths: M include/prepend.inc Diff:
diff --git a/include/prepend.inc b/include/prepend.inc
index e6a58a0..ba35c69 100644
--- a/include/prepend.inc
+++ b/include/prepend.inc
@@ -33,6 +33,9 @@ if (isset($_SERVER["HTTP_ORIGIN"])) {
 header("Access-Control-Allow-Headers: $headers");
 }
 }
+/* Clickjacking workaround. Nothing should be in a frame so it could technically be 'deny'
+ * but it doesn't make any difference anyway */
+header("X-Frame-Options: SAMEORIGIN");
 
 // Be 100% sure the timezone is set
 if (ini_get("date.timezone") === "" && function_exists("date_default_timezone_set")) {
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
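Review bot: The comment above the added `header("X-Frame-Options: SAMEORIGIN");` says 'deny' would make no difference, but the two values are not equivalent: SAMEORIGIN still allows framing by any page on the same origin, so if nothing is meant to be framed, `header("X-Frame-Options: DENY");` is the tighter setting, and otherwise the comment should say why SAMEORIGIN was kept. I would also send `header("Content-Security-Policy: frame-ancestors 'self'");` next to it, because browsers that implement frame-ancestors give it precedence and it checks every ancestor frame, whereas some older X-Frame-Options implementations compared only the top-level frame. The header is emitted only for requests that run through include/prepend.inc, so anything served without it (presumably static files) would need the same header set at the web-server level.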
