authorLukas Fleischer <lfleischer@archlinux.org>2017-11-05 08:36:23 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2017-11-05 08:36:23 +0100
commitc859e371b0b94bb7ac2db7f7dfaf742a4a1fc6d9 (patch)
tree63df303a67f8dc6b95596d1b48bd6d6ae281fc55
parent6c95fa3d1e4b5f7911b2dbdb94517baeafce11b3 (diff)
Set X-Frame-Options to DENY for all pages
Do not allow aurweb pages to be rendered in a frame, to protect against clickjacking. Fixes FS#56168. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r--web/lib/aur.inc.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index ce569ea..6cd0451 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -4,6 +4,7 @@ header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day
header('Pragma: no-cache');
+header('X-Frame-Options: DENY');
date_default_timezone_set('UTC');
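Review bot: The added `header('X-Frame-Options: DENY');` line blocks framing only through the legacy header, and the visible lines set no `Content-Security-Policy`. I would send `header("Content-Security-Policy: frame-ancestors 'none'");` next to it, since that is the standardised equivalent and is the one browsers enforce when both are present. The header is also emitted only for responses that pass through aur.inc.php, so the "all pages" in the title holds only if every HTML entry point includes this file. That cannot be confirmed from this hunk, and anything served without the include would need the header set in the web server configuration. A short why-comment such as `// forbid framing of aurweb pages (clickjacking)` on the new line would match the trailing-comment style of the Expires line above it.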