Commit

Specify response header X-Frame-Options SAMEORIGIN for generated pages
gitblit committed Sep 5, 2014
1 parent fcfcd84 commit 71647a6
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/main/java/com/gitblit/wicket/pages/BasePage.java
Expand Up @@ -166,6 +166,9 @@ protected void setHeaders(WebResponse response) {
// use default Wicket caching behavior
super.setHeaders(response);
}

// XRF vulnerability. issue-500 / ticket-166
response.setHeader("X-Frame-Options", "SAMEORIGIN");
}

/**
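Review bot: The comment on the added lines, "XRF vulnerability", does not name the problem in a form a later reader can look up. X-Frame-Options restricts which origins may render the page inside a frame, so the risk being addressed is framing of Gitblit pages by another site (clickjacking), and the comment should say that next to the issue-500 / ticket-166 reference. Two further points: the value "SAMEORIGIN" is hardcoded, so a deployment that intentionally embeds Gitblit in a frame served from a different origin will stop working with no way to opt out, and a setting with SAMEORIGIN as the default would avoid that. The header is also set only in BasePage.setHeaders, so it reaches only responses rendered through this class and its subclasses. It is worth confirming whether any responses produced outside BasePage need the same header.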
