header('X-Frame-Options: Sameorigin'); header('X-XSS-Protection: 1; mode=block'); header('X-Content-Type-Options: nosniff'); Thanks to Lukas Reschke for reporting this issue (and many more).tags/v4.0.0RC2
@@ -156,7 +156,10 @@ class OC_Template{ | |||
$this->application = $app; | |||
$this->vars = array(); | |||
$this->l10n = OC_L10N::get($app); | |||
header('X-Frame-Options: Sameorigin'); | |||
header('X-XSS-Protection: 1; mode=block'); | |||
header('X-Content-Type-Options: nosniff'); | |||
$this->findTemplate($name); | |||
} | |||
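Review bot: The three `header()` calls added before `$this->findTemplate($name);` sit in what appears to be the OC_Template constructor (its signature is outside the hunk), so only responses that build a template receive them. Any endpoint that answers without constructing an OC_Template, such as JSON/AJAX handlers or file downloads if the application has them, would presumably still go out without `X-Content-Type-Options: nosniff` and `X-Frame-Options`. Consider sending these headers once from the shared request bootstrap, or at least wrapping them here in `if (!headers_sent()) { ... }` so that a template constructed after output has begun does not trigger a "headers already sent" warning. A one-line comment such as `// Clickjacking / MIME-sniffing hardening; must be sent before any output` would also record why a constructor is setting HTTP response headers.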