Overview
| Comment: | Change X-Frame-Options to SAMEORIGIN to give reasonable click-jacking protection without blocking some client side scripting currently in use by some fossil users. |
|---|---|
| Downloads: | Tarball, ZIP archive |
| Timelines: | family, ancestors, descendants, both, trunk |
| Files: | files, file ages, folders |
| SHA1: | b968f023a88a6af5c7bcb6e499c42e31 |
| User & Date: | ben 2011-08-10 15:54:38.677 |
Context

| Date | Time | Check-in |
|---|---|---|
| 2011-08-12 | 11:54 | When forcing a rollback following an error, reset all SQL statement first so that the rollback can be successful. ... (check-in: 9515143de5 user: drh tags: trunk) |
| 2011-08-10 | 15:54 | Change X-Frame-Options to SAMEORIGIN to give reasonable click-jacking protection without blocking some client side scripting currently in use by some fossil users. ... (check-in: b968f023a8 user: ben tags: trunk) |
| 2011-08-07 | 22:52 | Fix a (harmless) javascript error that occurs when the graph is empty. ... (check-in: 303dd442fe user: drh tags: trunk) |
Changes
Changes to src/cgi.c.
| ︙ | ︙ | |||
293 294 295 296 297 298 299 |
}
if( blob_size(&extraHeader)>0 ){
fprintf(g.httpOut, "%s", blob_buffer(&extraHeader));
}
/* Add headers to turn on useful security options in browsers. */
| | | 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 |
}
if( blob_size(&extraHeader)>0 ){
fprintf(g.httpOut, "%s", blob_buffer(&extraHeader));
}
/* Add headers to turn on useful security options in browsers. */
fprintf(g.httpOut, "X-Frame-Options: SAMEORIGIN\r\n");
/* This stops fossil pages appearing in frames or iframes, preventing
** click-jacking attacks on supporting browsers.
**
** Other good headers would be
** Strict-Transport-Security: max-age=62208000
** if we're using https. However, this would break sites which serve different
** content on http and https protocols. Also,
|
| ︙ | ︙ |
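Review bot: the comment block added right after the new `fprintf(g.httpOut, "X-Frame-Options: SAMEORIGIN\r\n");` says the header "stops fossil pages appearing in frames or iframes", which no longer matches the value being sent: SAMEORIGIN only refuses framing by a different origin, so any page served from the same scheme, host and port can still frame fossil content, and the click-jacking protection now depends on that origin never serving attacker-influenced HTML. Suggest rewording to something like "Only pages from the same origin may frame fossil content, which blocks cross-site click-jacking on supporting browsers" and placing the comment above the fprintf it describes, since as written it sits between that call and the Strict-Transport-Security discussion and reads as part of the latter.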