
Add X-Frame-Options for all response

Description

Add X-Frame-Options for all response

Summary:
We used to only add X-Frame-Options for AphrontWebpageResponse.
There are some security concerns about it. Example of a drag-drop attack:
http://sites.google.com/site/tentacoloviola/. The fix is to add it to
all AphrontResponse.

Test Plan:
View that a page which disables this option still works (like the
xhpast tree page); verify that the AphrontAjaxResponse contains the
X-Frame-Options in the header.

Reviewers: epriestley, benmathews

Reviewed By: epriestley

CC: nh, aran, jungejason, epriestley

Differential Revision: 926
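
The pattern the summary describes, as an added example that is not the code from this commit: the anti-framing header is emitted by the base response class, so every subclass inherits it, and a page that must be framed opts out explicitly. The class names, the `setFrameable()` opt-out and the `Deny` header value are assumptions made for the illustration.

```php
<?php
// Added illustration; class names are hypothetical, not the project's classes.

abstract class ExampleResponse {
  private $frameable = false;

  // Opt-out for the rare page that must be embedded in a frame.
  public function setFrameable($frameable) {
    $this->frameable = (bool)$frameable;
    return $this;
  }

  // Headers common to every response type live in the base class, so a
  // new subclass cannot forget the anti-framing header.
  public function getHeaders() {
    $headers = array();
    if (!$this->frameable) {
      $headers[] = array('X-Frame-Options', 'Deny'); // assumed value
    }
    return $headers;
  }

  abstract public function buildBody();
}

final class ExamplePageResponse extends ExampleResponse {
  public function buildBody() { return '<html><body>page</body></html>'; }
}

final class ExampleAjaxResponse extends ExampleResponse {
  public function getHeaders() {
    // Extend the parent's headers instead of replacing them.
    $headers = parent::getHeaders();
    $headers[] = array('Content-Type', 'application/json');
    return $headers;
  }
  public function buildBody() { return json_encode(array('ok' => true)); }
}

// Case-insensitive lookup, since HTTP header names are case-insensitive.
function has_header(ExampleResponse $response, $name) {
  foreach ($response->getHeaders() as $pair) {
    if (strcasecmp($pair[0], $name) === 0) { return true; }
  }
  return false;
}

// Mirrors the test plan: the Ajax response carries the header, while a
// page that opted out of the protection does not.
$ajax = new ExampleAjaxResponse();
$framed = (new ExamplePageResponse())->setFrameable(true);
var_dump(has_header($ajax, 'X-Frame-Options'));
var_dump(has_header($framed, 'X-Frame-Options'));
```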

Details

Provenance
Jason Ge Authored on Sep 13 2011, 4:38 PM
themackabu Pushed on Mar 25 2025, 8:07 PM
Parents
rP2f218ac745d5: Provide more thorough defaults in the configuration guide template
Branches
Unknown
Tags
Unknown
