From 7729ace7fa6fae2aec48abe80ea36d4f81197cbe Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Fri, 8 Apr 2016 10:04:20 +0100
Subject: [PATCH] Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other
 places
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The login page should not be displayed if the page is displayed in a
frame.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 6efa491d1b2f92fa407aa49c7b678f9b642fc83f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
---
 C4/Auth.pm | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 068187cfb6..c8b19b4848 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -193,9 +193,11 @@ sub get_template_and_user {
 
             $template->param( loginprompt => 1 );
             print $in->{query}->header(
-                -type    => 'text/html',
-                -charset => 'utf-8',
-                -cookie  => $cookie,
+                {   type              => 'text/html',
+                    charset           => 'utf-8',
+                    cookie            => $cookie,
+                    'X-Frame-Options' => 'SAMEORIGIN'
+                }
               ),
             $template->output;
             safe_exit;
@@ -1296,9 +1298,11 @@ sub checkauth {
     #    $cookie = $query->cookie(CGISESSID => $session->id
     #   );
     print $query->header(
-        -type    => 'text/html',
-        -charset => 'utf-8',
-        -cookie  => $cookie
+        {   type              => 'text/html',
+            charset           => 'utf-8',
+            cookie            => $cookie,
+            'X-Frame-Options' => 'SAMEORIGIN'
+        }
       ),
       $template->output;
     safe_exit;
-- 
2.39.5