Improve clickjacking protection: bust frame or disable all form elements and abort UI initialization

git-svn-id: https://svn.roundcube.net/trunk@5476 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-11-23 18:53:58 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-11-23 18:53:58 +0000
commit: 51b94df0049f3855d6660ddbfa8c81da28d7cb8a (patch)
tree: 48a3189ae8360f555c646239816cf5c2b286ad30 /roundcubemail/program/include
parent: 51e1ea40b9d6668c6c2dba6a0eb8d23dc9a5edef (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/roundcubemail/program/include/rcube_template.php b/roundcubemail/program/include/rcube_template.php
index 1a82f7e6e..ea221767c 100755
--- a/roundcubemail/program/include/rcube_template.php
+++ b/roundcubemail/program/include/rcube_template.php
@@ -71,6 +71,7 @@ class rcube_template extends rcube_html_page
 
         //$this->framed = $framed;
         $this->set_env('task', $task);
+        $this->set_env('x_frame_options', $this->app->config->get('x_frame_options', 'sameorigin'));
 
         // load the correct skin (in case user-defined)
         $this->set_skin($this->config['skin']);
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-11-23 18:53:58 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-11-23 18:53:58 +0000
commit	51b94df0049f3855d6660ddbfa8c81da28d7cb8a (patch)
tree	48a3189ae8360f555c646239816cf5c2b286ad30 /roundcubemail/program/include
parent	51e1ea40b9d6668c6c2dba6a0eb8d23dc9a5edef (diff)