Merge pull request #1216 from beardog108/security

Clickjacking attack fix
csoler 2018-03-24 10:18:37 +01:00 committed by GitHub
commit 4be73b7049
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -369,6 +369,9 @@ static void secure_queue_response(MHD_Connection *connection, unsigned int statu
// tell Internet Explorer to not do content sniffing
MHD_add_response_header(response, "X-Content-Type-Options", "nosniff");
// Prevent clickjacking attacks (also prevented by CSP, but not in all browsers, including FireFox)
MHD_add_response_header(response, "X-Frame-Options", "SAMEORIGIN");
// Content security policy header, its a new technology and not implemented everywhere
// get own host name as the browser sees it
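Review bot: The added `X-Frame-Options` header uses `SAMEORIGIN`, which still allows any page served from the same origin to frame this interface; if the web UI never embeds itself in a frame, `DENY` is the tighter value: `MHD_add_response_header(response, "X-Frame-Options", "DENY");`. The new comment says CSP also prevents framing, but whether the policy built further down actually carries a `frame-ancestors` directive is not visible in this hunk, so the two headers should be checked for agreement. The return value of `MHD_add_response_header` is ignored here, as on the neighbouring `nosniff` line, so a failure to attach the header would go unnoticed. The header is only set on responses queued through this function, and secure_queue_response itself starts and ends outside the hunk.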