[freeside-commits] branch master updated. b36fd164c990208bb1c37f40ee1887996442f94e
Ivan
ivan at 420.am
Tue Jan 5 09:09:09 PST 2016
The branch, master has been updated
via b36fd164c990208bb1c37f40ee1887996442f94e (commit)
from d0fc25693dd91869c6e1fe1372bcae35fde1a827 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b36fd164c990208bb1c37f40ee1887996442f94e
Author: Ivan Kohler <ivan at freeside.biz>
Date: Tue Jan 5 09:09:08 2016 -0800
clickjacking protection: set X-Frame-Options SAMEORIGIN, RT#39607
diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 2cf1ed9..b33efcc 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -65,6 +65,10 @@ sub freeside_setup {
if fileno(STDOUT) != 1;
}
+ FS::Trace->log(' adding headers');
+ #frame-ancestors not supported by all the major browsers yet
+ $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+
if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
FS::Trace->log(' handling RT REST/NoAuth file');
-----------------------------------------------------------------------
Summary of changes:
FS/FS/Mason/Request.pm | 4 ++++
1 file changed, 4 insertions(+)
More information about the freeside-commits
mailing list