mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-21 21:10:56 +01:00
No description
5284053c0e
Summary: we use to only add X-Frame-Options for AphrontWebpageResponse. There some security concern about it. Example of a drag-drop attack: http://sites.google.com/site/tentacoloviola/. The fix is to add it to all AphrontResponse. Test Plan: View page which disalble this option still works (like the xhpast tree page); verify that the AphrontAjaxResponse contains the X-Frame-Options in the header. Reviewers: epriestley, benmathews Reviewed By: epriestley CC: nh, aran, jungejason, epriestley Differential Revision: 926 |
||
---|---|---|
bin | ||
conf | ||
externals | ||
resources | ||
scripts | ||
src | ||
support/aphlict | ||
webroot | ||
.arcconfig | ||
.divinerconfig | ||
.gitignore | ||
.gitmodules | ||
CHANGELOG | ||
README |
Phabricator is a open source collection of web applications which make it easier to write, review, and share source code. Phabricator was developed at Facebook. This is an early release. It's pretty high-quality and usable, but under active development so things may change quickly. You can learn more about the project and find links to documentation and resources at: http://phabricator.org/ LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted. http://www.apache.org/licenses/LICENSE-2.0