author | Robin H. Johnson <robbat2@gentoo.org> | 2017-09-16 15:33:42 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2017-09-16 15:34:00 -0700 |
commit | f69274a95b33ccce50560a3557e7736a1a3a1680 (patch) | |
tree | d0e681c19aec27db7a554555f1eca549e42de196 | |
parent | Gentoo: move sparc to unstable arches (diff) | |
download | bugzilla-f69274a95b33ccce50560a3557e7736a1a3a1680.tar.gz bugzilla-f69274a95b33ccce50560a3557e7736a1a3a1680.tar.bz2 bugzilla-f69274a95b33ccce50560a3557e7736a1a3a1680.zip |
CGI: set Content-Security-Policy header.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | Bugzilla/CGI.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 44c089a20..047ffa757 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -339,10 +339,11 @@ sub header { $headers{'-strict_transport_security'} = $sts_opts; } - # Add X-Frame-Options header to prevent framing and subsequent + # Add X-Frame-Options & CSP headers to prevent framing and subsequent # possible clickjacking problems. unless ($self->url_is_attachment_base) { $headers{'-x_frame_options'} = 'SAMEORIGIN'; + $headers{'-content_security_policy'} = "frame-ancestors 'self'"; } # Add X-XSS-Protection header to prevent simple XSS attacks |
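Review bot: `frame-ancestors 'self'` is the CSP equivalent of the `X-Frame-Options: SAMEORIGIN` line directly above it, so the two headers agree, and keeping both is the right call: browsers that implement CSP Level 2 honour `frame-ancestors` and ignore X-Frame-Options when both are present, while older browsers only understand X-Frame-Options. Two points for the hunk. First, the key `-content_security_policy` depends on CGI.pm's `header()` rewriting underscores to hyphens and capitalising, yielding `Content-Security-Policy`; that matches the `-x_frame_options` and `-strict_transport_security` keys already in this function, so it is consistent, but it is worth a brief comment since the header name is never spelled out. Second, the updated comment says "X-Frame-Options & CSP headers" without saying that the policy is deliberately limited to `frame-ancestors` and sets no `default-src` or `script-src`; stating that in the comment (or the commit message) avoids readers assuming the page is now covered by a script-restricting CSP. Note also that this lives inside `unless ($self->url_is_attachment_base)`, so attachment-base responses get neither header, which is pre-existing behaviour rather than something this change introduces.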