Add "X-Frame-Options: SAMEORIGIN" to all pages. Fixes #1850.

author: Bharat Mediratta <bharat@menalto.com> 2012-05-05 21:24:25 -0700
committer: Bharat Mediratta <bharat@menalto.com> 2012-05-05 21:24:25 -0700
commit: b839be36bf2b43643b156cb26aa29d0ade80bdd3 (patch)
tree: 1afbd8b33b151ad714784b07a13ecaa2fb8e3689 /themes
parent: fd152956426f93c4b5231f89f9c6375a2d4dda4a (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php
index 9a149149..0300f7af 100644
--- a/themes/admin_wind/views/admin.html.php
+++ b/themes/admin_wind/views/admin.html.php
@@ -1,4 +1,5 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
+<?php header("X-Frame-Options: SAMEORIGIN"); ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en">
diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php
index 18ade97f..c3e212c5 100644
--- a/themes/wind/views/page.html.php
+++ b/themes/wind/views/page.html.php
@@ -1,4 +1,5 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
+<?php header("X-Frame-Options: SAMEORIGIN"); ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" <?= $theme->html_attributes() ?> xml:lang="en" lang="en">
author	Bharat Mediratta <bharat@menalto.com>	2012-05-05 21:24:25 -0700
committer	Bharat Mediratta <bharat@menalto.com>	2012-05-05 21:24:25 -0700
commit	b839be36bf2b43643b156cb26aa29d0ade80bdd3 (patch)
tree	1afbd8b33b151ad714784b07a13ecaa2fb8e3689 /themes
parent	fd152956426f93c4b5231f89f9c6375a2d4dda4a (diff)