From 6efa491d1b2f92fa407aa49c7b678f9b642fc83f Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Fri, 8 Apr 2016 10:04:20 +0100
Subject: [PATCH] [SIGNED-OFF] Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The login page should not be displayed if the page is displayed in a frame.
Signed-off-by: Marc Véron
Signed-off-by: Katrin Fischer
Signed-off-by: Brendan Gallagher
---
 C4/Auth.pm | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index bff7fcdaba..e3aececa32 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -194,9 +194,11 @@ sub get_template_and_user {
 $template->param( loginprompt => 1 );
 print $in->{query}->header(
- -type => 'text/html',
- -charset => 'utf-8',
- -cookie => $cookie,
+ { type => 'text/html',
+ charset => 'utf-8',
+ cookie => $cookie,
+ 'X-Frame-Options' => 'SAMEORIGIN'
+ }
 ),
 $template->output;
 safe_exit;
@@ -1307,9 +1309,11 @@ sub checkauth {
 # $cookie = $query->cookie(CGISESSID => $session->id
 # );
 print $query->header(
- -type => 'text/html',
- -charset => 'utf-8',
- -cookie => $cookie
+ { type => 'text/html',
+ charset => 'utf-8',
+ cookie => $cookie,
+ 'X-Frame-Options' => 'SAMEORIGIN'
+ }
 ),
 $template->output;
 safe_exit;
-- 
2.39.5
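Review bot: The login-prompt response in get_template_and_user is protected against framing only by the legacy `X-Frame-Options` header. Browsers that implement CSP give `frame-ancestors` precedence, and `SAMEORIGIN` has historically been evaluated inconsistently for nested frames. I would send both by adding `'Content-Security-Policy' => "frame-ancestors 'self'",` next to the new pair, unless a CSP header is already set elsewhere (for example in the web server configuration, which is not visible from this patch). The same applies to the header() call in the checkauth hunk. Both subs continue outside their hunks, so other response paths in them could not be checked here.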
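Review bot: The hashref passed to `$query->header(` in checkauth is a verbatim copy of the one added in get_template_and_user, and the subject line suggests at least one more copy exists elsewhere. A security header maintained by copy-and-paste drifts easily, so I would build the arguments in one small private sub (name to be chosen by the author) that takes `$cookie`, and call it from every site. I would also add a comment above the call such as `# Refuse cross-origin framing of the login prompt (clickjacking defence, Bug 16210)`. A trailing comma after `'X-Frame-Options' => 'SAMEORIGIN'` would make the next added header a one-line diff.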