Changeset 2797:4a5f0d16acd2 for inc/public/lib.urlhandlers.php

Timestamp:

11/17/14 10:30:07 (11 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Add an optional setting (blog pref) to prevent blog from Clickjacking

File:

• inc/public/lib.urlhandlers.php (modified) (1 diff)

inc/public/lib.urlhandlers.php

@@ -110 +110 @@
 
           header('Content-Type: '.$_ctx->content_type.'; charset=UTF-8');
+
+          if ($core->blog->settings->system->prevents_clickjacking) {
+               // Prevents Clickjacking as far as possible
+               header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+          }
+
           $result['content'] = $core->tpl->getData($_ctx->current_tpl);
           $result['content_type'] = $_ctx->content_type;