Prevent Clickjacking in CSRF error page
(cherry picked from commit 6026c9d)
jim-p committed Nov 20, 2017
1 parent ae268fd commit 386d89b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/usr/local/www/guiconfig.inc
@@ -57,6 +57,7 @@

/* Include authentication routines */
/* THIS MUST BE ABOVE ALL OTHER CODE */
header("X-Frame-Options: SAMEORIGIN");
if (!$nocsrf) {
function csrf_startup() {
global $config;
@@ -75,7 +76,6 @@ if (!$omit_nocacheheaders) {
header("Pragma: no-cache");
}

header("X-Frame-Options: SAMEORIGIN");
require_once("authgui.inc");

/* parse the configuration and include all configuration functions */
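Review bot: The relocated `header("X-Frame-Options: SAMEORIGIN");` call in the first hunk has no comment saying why it must precede the `if (!$nocsrf)` block, and it now sits directly under `/* THIS MUST BE ABOVE ALL OTHER CODE */`, which was written for the authentication include. Going by the commit title, the order matters because the CSRF error page is emitted before the old position (just above `require_once("authgui.inc");`) is reached, so a later tidy-up could move the call back down and leave that page frameable again. I would add `/* Anti-clickjacking: send before the CSRF check so its error page is covered too */` above the call. Since `X-Frame-Options` is the legacy control, it may also be worth sending `header("Content-Security-Policy: frame-ancestors 'self'");` at the same spot if no CSP is set elsewhere. The `if (!$nocsrf)` block and `csrf_startup()` continue outside the lines shown, so how the error page is produced is inferred, not visible here.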