author | Scott Ullrich <sullrich@gmail.com> | 2012-05-10 11:51:09 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@gmail.com> | 2012-05-10 11:51:09 -0400 |
commit | babac37a3b9a676525fff422011b9f3c0f9bd39f (patch) | |
tree | 3703682174f99431edbcef88913a863010245521 | |
parent | 06f746c35c34077f508a6eee0c86c2788480454d (diff) | |
Add click jacking support. Ticket #2419
-rw-r--r-- | etc/inc/auth.inc | 4 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 2f66f0a..d03004d 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1410,4 +1410,6 @@ function session_auth() { return true; } -?> +Header("X-Frame-Options: DENY"); + +?>
\ No newline at end of file diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index f24fc7d..1aad755 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -1,5 +1,9 @@ <script src="/javascript/sorttable.js"></script> +<style id="antiClickjack">body{display:none}</style> <script type="text/JavaScript"> +if (self === top) { var antiClickjack = document.getElementByID("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); +} else { top.location = self.location; +}</script> <?php /* |
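Review bot: The `Header("X-Frame-Options: DENY");` call added to etc/inc/auth.inc sits at file scope after the closing brace of session_auth(), so the header is emitted only as a side effect of including this file, and only if no output has been sent before the include. A page that prints anything earlier, or that never pulls in auth.inc, would be served without the header, and in the first case PHP just raises a "headers already sent" warning. It would be safer to send it where the response is first set up and to document the ordering requirement, e.g. `/* Forbid framing of the GUI (clickjacking defence); must run before any output. */` directly above the call. DENY also refuses same-origin frames, so if any GUI page frames another GUI page (not visible in this hunk) `SAMEORIGIN` would be the value to use.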
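Review bot: `document.getElementByID` in the script added to usr/local/www/fbegin.inc is not a DOM method (the name is `getElementById`), so the `self === top` branch throws a TypeError before the `antiClickjack` style is removed and the `body{display:none}` rule stays in force on every unframed page. The line should read `var antiClickjack = document.getElementById("antiClickjack");`. With this pattern a browser that has JavaScript disabled also keeps the body hidden, so a short comment stating that the script is only a fallback for browsers that ignore the X-Frame-Options header set in auth.inc would help the next maintainer. Several statements appear joined onto single diff lines here, which may indicate mixed line endings in the file.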