Elevate X-Frame-Options from all admin and user pages to all PHP

responses. Fixes #1922.
author: Bharat Mediratta <bharat@menalto.com> 2012-11-06 11:51:44 -0800
committer: Bharat Mediratta <bharat@menalto.com> 2012-11-06 11:51:44 -0800
commit: 50f5286ffbc6a675f97faf629893d2e248382396 (patch)
tree: 1a4e0f5601d38fc5ab18d79e76bcc08fc4afedf0 /index.php
parent: 7a53cebd29c00afbc53ab5c60f8980d8b6d204a0 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/index.php b/index.php
index 9a6cc2ea..e6540791 100644
--- a/index.php
+++ b/index.php
@@ -51,6 +51,9 @@ ini_set("display_errors", false);
 // Ajax code.
 ini_set("session.use_trans_sid", false);
 
+// Restrict all response frames to the same origin for security
+header("X-Frame-Options: SAMEORIGIN");
+
 define("EXT", ".php");
 define("DOCROOT", getcwd() . "/");
 define("KOHANA",  "index.php");
author	Bharat Mediratta <bharat@menalto.com>	2012-11-06 11:51:44 -0800
committer	Bharat Mediratta <bharat@menalto.com>	2012-11-06 11:51:44 -0800
commit	50f5286ffbc6a675f97faf629893d2e248382396 (patch)
tree	1a4e0f5601d38fc5ab18d79e76bcc08fc4afedf0 /index.php
parent	7a53cebd29c00afbc53ab5c60f8980d8b6d204a0 (diff)