fixed clickjacking attack with x-frame-options

Kevin Froman 2018-03-23 23:00:27 -05:00
parent 24d1f5d9eb
commit 599c3d4c0f
No known key found for this signature in database
GPG Key ID: 0D414D0FE405B63B


@ -369,6 +369,9 @@ static void secure_queue_response(MHD_Connection *connection, unsigned int statu
// tell Internet Explorer to not do content sniffing
MHD_add_response_header(response, "X-Content-Type-Options", "nosniff");
// Prevent clickjacking attacks (also prevented by CSP, but not in all browsers, including FireFox)
MHD_add_response_header(response, "X-Frame-Options", "SAMEORIGIN");
// Content security policy header, its a new technology and not implemented everywhere
// get own host name as the browser sees it