5 Nov
2017
5 Nov
'17
2:57 a.m.
Do not allow to render aurweb pages in a frame to protect against clickjacking. Fixes FS#56168. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- web/lib/aur.inc.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index ce569ea..6cd0451 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -4,6 +4,7 @@ header('Content-Type: text/html; charset=utf-8'); header('Cache-Control: no-cache, must-revalidate'); header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day header('Pragma: no-cache'); +header('X-Frame-Options: DENY'); date_default_timezone_set('UTC'); -- 2.15.0