[freeside-commits] branch FREESIDE_3_BRANCH updated. cc02a828a03aecd99780bd84a6cec3d375d3b279
Ivan
ivan at 420.am
Tue Jan 5 09:09:12 PST 2016
The branch, FREESIDE_3_BRANCH has been updated
via cc02a828a03aecd99780bd84a6cec3d375d3b279 (commit)
from 66e82f51b41366104ae9acc37c5be149018ec085 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cc02a828a03aecd99780bd84a6cec3d375d3b279
Author: Ivan Kohler <ivan at freeside.biz>
Date: Tue Jan 5 09:09:11 2016 -0800
clickjacking protection: set X-Frame-Options SAMEORIGIN, RT#39607
diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 022ff8e..537ba2d 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -65,6 +65,10 @@ sub freeside_setup {
if fileno(STDOUT) != 1;
}
+ FS::Trace->log(' adding headers');
+ #frame-ancestors not supported by all the major browsers yet
+ $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+
if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
FS::Trace->log(' handling RT REST/NoAuth file');
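Review bot: the added header_out call in freeside_setup puts X-Frame-Options only in the normal response header table, so responses that end in an error status may go out without it; setting it through err_headers_out instead (where the request object provides it) would cover both cases. The frame-ancestors comment would be more useful as a TODO to also send Content-Security-Policy: frame-ancestors 'self' later, since browsers that support that directive prefer it over X-Frame-Options and sending both is harmless. The header is set before the REST/NoAuth branch, so it applies to every path handled here; worth confirming that no page served through this setup is meant to be framed from another origin. The trace message ' adding headers' is generic; naming the header in it would make the trace easier to read.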
-----------------------------------------------------------------------
Summary of changes:
FS/FS/Mason/Request.pm | 4 ++++
1 file changed, 4 insertions(+)