Commit c859e371 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Set X-Frame-Options to DENY for all pages



Do not allow to render aurweb pages in a frame to protect against
clickjacking.

Fixes FS#56168.

Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
parent 6c95fa3d
......@@ -4,6 +4,7 @@ header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day
header('Pragma: no-cache');
header('X-Frame-Options: DENY');
date_default_timezone_set('UTC');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment