diff options
| author | Thomas Mueller <thomas.mueller@tmit.eu> | 2012-05-14 15:34:28 +0200 |
|---|---|---|
| committer | Thomas Mueller <thomas.mueller@tmit.eu> | 2012-05-14 15:34:28 +0200 |
| commit | bda2dbec1f45b3aaed93ade98553e71cf1911d68 (patch) | |
| tree | 4887045d23954cf67214097cae775939967bbcfc /lib/template.php | |
| parent | 0c8740c1d598a4b37af59bfd3e7e4f0c8a58e513 (diff) | |
| download | nextcloud-server-bda2dbec1f45b3aaed93ade98553e71cf1911d68.tar.gz nextcloud-server-bda2dbec1f45b3aaed93ade98553e71cf1911d68.zip | |
Prevent Clickjacking by adding additional headers:
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
Thanks to Lukas Reschke for reporting this issue (and many more).
Diffstat (limited to 'lib/template.php')
| -rw-r--r-- | lib/template.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php index 57e9c15f5e6..e908c76bfad 100644 --- a/lib/template.php +++ b/lib/template.php @@ -156,7 +156,10 @@ class OC_Template{ $this->application = $app; $this->vars = array(); $this->l10n = OC_L10N::get($app); - + header('X-Frame-Options: Sameorigin'); + header('X-XSS-Protection: 1; mode=block'); + header('X-Content-Type-Options: nosniff'); + $this->findTemplate($name); } |