phorge-phorge

revi-archive/phorge-phorge

Fork 0

mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 10:22:42 +01:00

Commit graph

Author	SHA1	Message	Date
Jason Ge	5284053c0e	Add X-Frame-Options for all response Summary: we use to only add X-Frame-Options for AphrontWebpageResponse. There some security concern about it. Example of a drag-drop attack: http://sites.google.com/site/tentacoloviola/. The fix is to add it to all AphrontResponse. Test Plan: View page which disalble this option still works (like the xhpast tree page); verify that the AphrontAjaxResponse contains the X-Frame-Options in the header. Reviewers: epriestley, benmathews Reviewed By: epriestley CC: nh, aran, jungejason, epriestley Differential Revision: 926	2011-09-14 10:43:24 -07:00
epriestley	16ad2386d8	Javelin integration.	2011-01-25 12:41:55 -08:00

Author

SHA1

Message

Date

Jason Ge

5284053c0e

Add X-Frame-Options for all response

Summary:
we use to only add X-Frame-Options for AphrontWebpageResponse.
There some security concern about it. Example of a drag-drop attack:
http://sites.google.com/site/tentacoloviola/. The fix is to add it to
all AphrontResponse.

Test Plan:
View page which disalble this option still works (like the
xhpast tree page); verify that the AphrontAjaxResponse contains the
X-Frame-Options in the header.

Reviewers: epriestley, benmathews

Reviewed By: epriestley

CC: nh, aran, jungejason, epriestley

Differential Revision: 926

2011-09-14 10:43:24 -07:00

epriestley

16ad2386d8

Javelin integration.

2011-01-25 12:41:55 -08:00

2 commits