
Prevent Clickjacking by adding additional headers:

                header('X-Frame-Options: Sameorigin');
                header('X-XSS-Protection: 1; mode=block');
                header('X-Content-Type-Options: nosniff');

Thanks to Lukas Reschke for reporting this issue (and many more).
tags/v4.0.0RC2
Thomas Mueller 12 years ago
parent
commit
bda2dbec1f
1 changed files with 4 additions and 1 deletions
  1. 4
    1
      lib/template.php

+ 4
- 1
lib/template.php View File

@@ -156,7 +156,10 @@ class OC_Template{
$this->application = $app;
$this->vars = array();
$this->l10n = OC_L10N::get($app);

header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
$this->findTemplate($name);
}
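Review bot: The three `header()` calls sit in the `OC_Template` constructor, so only responses that instantiate a template carry them. Any endpoint that writes output without going through `OC_Template` (likely AJAX/JSON handlers and file downloads, which are not visible on this page) would still be frameable and subject to MIME sniffing. `X-Content-Type-Options: nosniff` matters most on responses that serve user-supplied files, so these headers would be better emitted once from the common request bootstrap. If they stay here, wrap them in `if (!headers_sent()) { ... }` so a template built after output has started does not raise a "headers already sent" warning, and write the value as the canonical `SAMEORIGIN`. The constructor begins above this hunk, so what runs before these calls cannot be checked from the page.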

