From 7729ace7fa6fae2aec48abe80ea36d4f81197cbe Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 8 Apr 2016 10:04:20 +0100 Subject: [PATCH] Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The login page should not be displayed if the page is displayed in a frame. Signed-off-by: Marc Véron Signed-off-by: Katrin Fischer Signed-off-by: Brendan Gallagher (cherry picked from commit 6efa491d1b2f92fa407aa49c7b678f9b642fc83f) Signed-off-by: Julian Maurice --- C4/Auth.pm | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 068187cfb6..c8b19b4848 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -193,9 +193,11 @@ sub get_template_and_user { $template->param( loginprompt => 1 ); print $in->{query}->header( - -type => 'text/html', - -charset => 'utf-8', - -cookie => $cookie, + { type => 'text/html', + charset => 'utf-8', + cookie => $cookie, + 'X-Frame-Options' => 'SAMEORIGIN' + } ), $template->output; safe_exit; @@ -1296,9 +1298,11 @@ sub checkauth { # $cookie = $query->cookie(CGISESSID => $session->id # ); print $query->header( - -type => 'text/html', - -charset => 'utf-8', - -cookie => $cookie + { type => 'text/html', + charset => 'utf-8', + cookie => $cookie, + 'X-Frame-Options' => 'SAMEORIGIN' + } ), $template->output; safe_exit; -- 2.39.5
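Review bot: The `'X-Frame-Options' => 'SAMEORIGIN'` pair is written out by hand at each call site, here in get_template_and_user and again in the checkauth hunk, so any other `header(...)` call in C4/Auth.pm that renders the login prompt stays frameable unless someone remembers to copy it. Building the header hashref in one private helper would stop the anti-clickjacking header being dropped when a new login path is added; the helper name below is only a suggestion. It is also worth confirming whether the web server configuration should send this header (or a CSP `frame-ancestors 'self'` policy) on all responses, which cannot be judged from this diff. Both function bodies start and end outside their hunks.

```perl
# Proposed helper (name is a suggestion): one place to build the headers
# for pages that show the login prompt, so the framing restriction
# cannot be forgotten at a new call site.
sub _login_page_headers {
    my ($cookie) = @_;
    return {
        type              => 'text/html',
        charset           => 'utf-8',
        cookie            => $cookie,
        'X-Frame-Options' => 'SAMEORIGIN',
    };
}

# … unchanged: template setup in get_template_and_user …
print $in->{query}->header( _login_page_headers($cookie) ),
  $template->output;
# … unchanged: safe_exit; the checkauth call site changes the same way with $query …
```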