From: Thomas Mueller <thomas.mueller@tmit.eu>
Date: Mon, 14 May 2012 13:34:28 +0000 (+0200)
Subject: Prevent Clickjacking by adding additional headers:
X-Git-Tag: v4.0.0RC2~69
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=bda2dbec1f45b3aaed93ade98553e71cf1911d68;p=nextcloud-server.git

Prevent Clickjacking by adding additional headers:
                header('X-Frame-Options: Sameorigin');
                header('X-XSS-Protection: 1; mode=block');
                header('X-Content-Type-Options: nosniff');

Thanks to Lukas Reschke for reporting this issue (and many more).
---

diff --git a/lib/template.php b/lib/template.php
index 57e9c15f5e6..e908c76bfad 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -156,7 +156,10 @@ class OC_Template{
 		$this->application = $app;
 		$this->vars = array();
 		$this->l10n = OC_L10N::get($app);
-
+                header('X-Frame-Options: Sameorigin');
+                header('X-XSS-Protection: 1; mode=block');
+                header('X-Content-Type-Options: nosniff');
+ 
 		$this->findTemplate($name);
 	}