WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

prevent clickjacking

This commit is contained in:
Roland Gruber 2015-12-19 09:31:21 +00:00
parent 36f054b84e
commit c02f80d996
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lam/lib/security.inc
View File

@ -38,6 +38,8 @@ include_once('account.inc');
// check client IP address // check client IP address
checkClientIP(); checkClientIP();
setLAMHeaders();
/** /**
* Starts a session and checks the environment. * Starts a session and checks the environment.
* The script is stopped if one of the checks fail (timeout redirection may be overriden). * The script is stopped if one of the checks fail (timeout redirection may be overriden).
@ -556,4 +558,14 @@ function getSecurityTokenValue() {
return $_SESSION[getSecurityTokenName()]; return $_SESSION[getSecurityTokenName()];
} }
/**
* Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
*/
function setLAMHeaders() {
if (!headers_sent()) {
header('X-Frame-Options: sameorigin');
header('Content-Security-Policy: frame-ancestors \'self\'');
}
}
?> ?>