Skip to content
Permalink
Browse files Browse the repository at this point in the history
[FIXED SECURITY-80] Add X-Frame-Options head to prevent clickjacking …
…attacks
  • Loading branch information
vjuranek authored and jglick committed Feb 11, 2014
1 parent fbf9673 commit 16931bd
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions core/src/main/resources/lib/layout/layout.jelly
Expand Up @@ -56,6 +56,7 @@ THE SOFTWARE.
<st:header name="Expires" value="0" />
<st:header name="Cache-Control" value="no-cache,must-revalidate" />
<st:header name="X-Hudson-Theme" value="default" />
<st:header name="X-Frame-Options" value="sameorigin" />
<st:contentType value="text/html;charset=UTF-8" />

<j:new var="h" className="hudson.Functions" /><!-- instead of JSP functions -->
Expand Down

0 comments on commit 16931bd

Please sign in to comment.