Homestyx hydra
Diffusion hydra 5284053c0e30

Add X-Frame-Options for all response
5284053c0e30
Actions

Description

Add X-Frame-Options for all response

Summary:
we use to only add X-Frame-Options for AphrontWebpageResponse.
There some security concern about it. Example of a drag-drop attack:
http://sites.google.com/site/tentacoloviola/. The fix is to add it to
all AphrontResponse.

Test Plan:
View page which disalble this option still works (like the
xhpast tree page); verify that the AphrontAjaxResponse contains the
X-Frame-Options in the header.

Reviewers: epriestley, benmathews

Reviewed By: epriestley

CC: nh, aran, jungejason, epriestley

Differential Revision: 926

Details

Provenance
Jason GeAuthored on Sep 13 2011, 7:38 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:2f218ac745d5: Provide more thorough defaults in the configuration guide template
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (5)

PathSize
src/
aphront/
response/
ajax/
base/
file/
redirect/
webpage/

R1:5284053c0e30

View Options

src/aphront/response/ajax/AphrontAjaxResponse.php

Loading...
View Options

src/aphront/response/base/AphrontResponse.php

Loading...
View Options

src/aphront/response/file/AphrontFileResponse.php

Loading...
View Options

src/aphront/response/redirect/AphrontRedirectResponse.php

Loading...
View Options

src/aphront/response/webpage/AphrontWebpageResponse.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)