git.shiar.nl / minimedit.git / commitdiff
(parent: ead5bed)
page: disallow frame ancestors to prevent clickjacking
author Mischa POSLAWSKY <perl@shiar.org> Sat, 16 May 2020 22:17:23 +0000 (00:17 +0200)
committer Mischa POSLAWSKY <perl@shiar.org> Sat, 16 May 2020 22:17:23 +0000 (00:17 +0200)
Security policy recommended by Dareboost, to stop potential malicious page
embedding. Support should be decent (enough), so do not bother with an
equivalent X-Frame-Options directive for compatibility.
page.php
diff --git
a/page.php
b/page.php
index 12e06900b22d1993f3aa2f0aaa8dd0ffff523a18..3dd8cba7f290facb110232f0bbd2f105f95bdb33 100644
(file)
--- a/
page.php
+++ b/
page.php
@@
-159,6
+159,8
@@
if ($PageAccess = $Article->restricted) {
# prepare page contents
+header("Content-Security-Policy: frame-ancestors 'none'");
+
ob_start(); # page body
$Place = [
'user' => $User ? $User->login : '',
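Review bot: the added header("Content-Security-Policy: frame-ancestors 'none'") call just before ob_start() is the only framing protection this change provides, so a client that does not implement the frame-ancestors directive gets none. The commit message accepts that trade-off, but sending header("X-Frame-Options: DENY") next to it would cost one line. Two smaller points on the same line: header() replaces any previously set header of the same name by default, so a Content-Security-Policy set earlier in the request by PHP would be discarded here, which deserves a comment or a single place where the policy is assembled. And because the call sits at this point in page.php, any response that is produced without reaching it is sent without the policy.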