Revision c4212dc6
Added by Yorick Koster over 7 years ago
| src/usr/local/www/guiconfig.inc | ||
|---|---|---|
| 25 | 25 |
|
| 26 | 26 |
/* Include authentication routines */ |
| 27 | 27 |
/* THIS MUST BE ABOVE ALL OTHER CODE */ |
| 28 |
header("X-Frame-Options: SAMEORIGIN");
|
|
| 28 | 29 |
include_once('phpsessionmanager.inc');
|
| 29 | 30 |
if (!$nocsrf) {
|
| 30 | 31 |
function csrf_startup() {
|
| ... | ... | |
| 47 | 48 |
header("Pragma: no-cache");
|
| 48 | 49 |
} |
| 49 | 50 |
|
| 50 |
header("X-Frame-Options: SAMEORIGIN");
|
|
| 51 | 51 |
require_once("authgui.inc");
|
| 52 | 52 |
|
| 53 | 53 |
/* parse the configuration and include all configuration functions */ |
Also available in: Unified diff
Prevent Clickjacking in CSRF error page