[freeside-commits] branch FREESIDE_4_BRANCH updated. b3d694a31fe4ba77c987bbc84a02ba8b277a37f2

Ivan ivan at 420.am
Tue Jan 5 09:09:10 PST 2016


The branch, FREESIDE_4_BRANCH has been updated
       via  b3d694a31fe4ba77c987bbc84a02ba8b277a37f2 (commit)
      from  0070abc9190436fc6cc6ff908345bb24e19e388a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b3d694a31fe4ba77c987bbc84a02ba8b277a37f2
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Tue Jan 5 09:09:10 2016 -0800

    clickjacking protection: set X-Frame-Options SAMEORIGIN, RT#39607

diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 2cf1ed9..b33efcc 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -65,6 +65,10 @@ sub freeside_setup {
             if fileno(STDOUT) != 1;
     }
 
+    FS::Trace->log('    adding headers');
+    #frame-ancestors not supported by all the major browsers yet
+    $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+
     if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
 
       FS::Trace->log('    handling RT REST/NoAuth file');
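
Review bot: the comment above the header_out call sets frame-ancestors aside because not every major browser supports it yet, but the two headers are not mutually exclusive. Consider also sending Content-Security-Policy with frame-ancestors 'self' at the same spot, so browsers that implement it use it and X-Frame-Options SAMEORIGIN remains the fallback for the rest. Second point on the same line: if $HTML::Mason::Commands::r is the mod_perl request object, headers set with header_out are sent only on successful responses, so error pages produced after freeside_setup would go out without the header; err_header_out is the call that also covers error responses. The header is set before the REST/NoAuth branch and therefore applies to those responses too, which looks intended but is worth stating in the comment.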

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/Mason/Request.pm |    4 ++++
 1 file changed, 4 insertions(+)



