
Add X-Frame-Options for all response
5284053c0e30 (Unpublished)

Description

Add X-Frame-Options for all response

Summary:
We used to only add X-Frame-Options for AphrontWebpageResponse.
There are some security concerns about it. Example of a drag-drop attack:
http://sites.google.com/site/tentacoloviola/. The fix is to add it to
all AphrontResponse.

Test Plan:
Viewing a page which disables this option still works (like the
xhpast tree page); verify that the AphrontAjaxResponse contains the
X-Frame-Options in the header.

Reviewers: epriestley, benmathews

Reviewed By: epriestley

CC: nh, aran, jungejason, epriestley

Differential Revision: 926

Details

Provenance
jungejason Authored on
Reviewer
epriestley
Differential Revision
Restricted Differential Revision
Parents
rP2f218ac745d5: Provide more thorough defaults in the configuration guide template
Branches
Unknown
Tags
Unknown
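
The test plan above, written as a header audit over captured responses of several types. This is an added example, not code from this commit or from Phabricator; the paths, the sample headers and the `frameable_paths` exemption list are constructed assumptions.

```python
"""Audit captured responses for the X-Frame-Options header (constructed data)."""

VALID = {"DENY", "SAMEORIGIN"}


def frame_option_values(headers):
    """Return every X-Frame-Options value; header names are case-insensitive."""
    return [v.strip().upper() for k, v in headers if k.lower() == "x-frame-options"]


def audit(responses, frameable_paths=()):
    """Classify each (path, headers) pair.

    frameable_paths (hypothetical) lists endpoints that deliberately opt out
    of the header; they are reported separately so the exemption stays visible.
    """
    report = {"ok": [], "missing": [], "invalid": [], "exempt": []}
    for path, headers in responses:
        values = frame_option_values(headers)
        if not values:
            bucket = "exempt" if path in frameable_paths else "missing"
        elif len(set(values)) > 1 or values[0] not in VALID:
            # Conflicting or unrecognised values: do not rely on how a
            # browser happens to resolve them.
            bucket = "invalid"
        else:
            bucket = "ok"
        report[bucket].append(path)
    return report


# Constructed sample: paths and header sets are illustrative, not Phabricator's.
SAMPLE = [
    ("/page/", [("Content-Type", "text/html"), ("X-Frame-Options", "Deny")]),
    ("/ajax/", [("Content-Type", "application/json")]),
    ("/file/", [("x-frame-options", "deny"), ("X-Frame-Options", "SAMEORIGIN")]),
    ("/redirect/", [("Location", "/page/"), ("X-Frame-Options", "ALLOWALL")]),
    ("/embed/", [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for bucket, paths in audit(SAMPLE, frameable_paths={"/embed/"}).items():
        print(f"{bucket:8} {', '.join(paths) or '-'}")
```

Non-HTML responses such as the `/ajax/` entry are the case this commit addresses: they land in `missing` when only web page responses carry the header.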