From c886fed9ba6a19fface58c918be5d7b111cca1f3 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 15 May 2012 11:43:50 -0400
Subject: As suggested by wagonza, using SAMEORIGIN for X-Frame-Options is
 sufficient here, and does allow the traffic graphs to work. Fixes #2419

---
 etc/inc/auth.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'etc/inc/auth.inc')

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index d03004d..5b62e6a 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1410,6 +1410,6 @@ function session_auth() {
 	return true;
 }
 
-Header("X-Frame-Options: DENY"); 
+Header("X-Frame-Options: SAMEORIGIN");
 
 ?>
\ No newline at end of file
-- 
cgit v1.1