[SIGNED-OFF] Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places

The login page should not be displayed if the page is displayed in a frame. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
8 years ago · 6efa491d1b
1 changed files with 10 additions and 6 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -194,9 +194,11 @@ sub get_template_and_user {

            $template->param( loginprompt => 1 );
            print $in->{query}->header(
-                -type    => 'text/html',
-                -charset => 'utf-8',
-                -cookie  => $cookie,
+                {   type              => 'text/html',
+                    charset           => 'utf-8',
+                    cookie            => $cookie,
+                    'X-Frame-Options' => 'SAMEORIGIN'
+                }
              ),
            $template->output;
            safe_exit;
@ -1307,9 +1309,11 @@ sub checkauth {
    #    $cookie = $query->cookie(CGISESSID => $session->id
    #   );
    print $query->header(
-        -type    => 'text/html',
-        -charset => 'utf-8',
-        -cookie  => $cookie
+        {   type              => 'text/html',
+            charset           => 'utf-8',
+            cookie            => $cookie,
+            'X-Frame-Options' => 'SAMEORIGIN'
+        }
      ),
      $template->output;
    safe_exit;