ui: a bit of OCD, setting the header...

should not be tampered with so it's probably better to move it into the commented CSRF area to raise its importance.
opnsense · Nov 29, 2017 · bdecf7e · bdecf7e
1 parent 9e20956
commit bdecf7e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/www/guiconfig.inc b/src/www/guiconfig.inc
@@ -34,8 +34,8 @@ require_once("config.inc");
 
 /* CSRF BEGIN: CHECK MUST BE EXECUTED FIRST; NO EXCEPTIONS */
 require_once('csrf.inc');
+header('X-Frame-Options: SAMEORIGIN');
 /* CSRF END: THANK YOU FOR YOUR COOPERATION */
-header("X-Frame-Options: SAMEORIGIN");
 
 function get_current_theme()
 {