From 50f5286ffbc6a675f97faf629893d2e248382396 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 6 Nov 2012 11:51:44 -0800
Subject: Elevate X-Frame-Options from all admin and user pages to all PHP responses. Fixes #1922.
---
 index.php | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'index.php')
diff --git a/index.php b/index.php
index 9a6cc2ea..e6540791 100644
--- a/index.php
+++ b/index.php
@@ -51,6 +51,9 @@ ini_set("display_errors", false);
 // Ajax code.
 ini_set("session.use_trans_sid", false);
 
+// Restrict all response frames to the same origin for security
+header("X-Frame-Options: SAMEORIGIN");
+
 define("EXT", ".php");
 define("DOCROOT", getcwd() . "/");
 define("KOHANA", "index.php");
-- 
cgit v1.2.3
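Review bot: The added `header("X-Frame-Options: SAMEORIGIN");` only reaches responses routed through this front controller, so files the web server serves directly, and any other PHP entry point the project may have, would still be frameable from another origin. The comment above it should state that scope and name the threat, for example `// Clickjacking defence: forbid cross-origin framing of every response routed through index.php`. Browsers that implement CSP Level 2 prefer the `frame-ancestors` directive, so it would be worth sending `header("Content-Security-Policy: frame-ancestors 'self'");` alongside it. The top-level script continues outside the hunk, so whether a later `header()` call replaces this value cannot be confirmed from here.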