mirror of
https://github.com/nextcloud/server.git
synced 2026-04-15 22:11:17 -04:00
Prevent Clickjacking by adding additional headers:
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
Thanks to Lukas Reschke for reporting this issue (and many more).
This commit is contained in:
Thomas Mueller
parent
0c8740c1d5
commit
bda2dbec1f
1 changed files with 4 additions and 1 deletions
|
|
@ -156,7 +156,10 @@ class OC_Template{
|
|||
$this->application = $app;
|
||||
$this->vars = array();
|
||||
$this->l10n = OC_L10N::get($app);
|
||||
|
||||
header('X-Frame-Options: Sameorigin');
|
||||
header('X-XSS-Protection: 1; mode=block');
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
|
||||
$this->findTemplate($name);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue