Add framebusting to Phabricator.

Summary: Technically we didn't have it in the first place, but should. Also add in X-Frame-Options for double-plus-good. Test Plan: Created a page with Phabricator in an <iframe />, got busted out of it. Added in the X-Frame-Options, got an empty iframe. Differential Revision: 38 Reviewed By: tomo Reviewers: mroch, tomo
2011-02-16 22:17:05 -08:00
parent 147d2e2e3d
commit 0b1450c5f9
2 changed files with 6 additions and 2 deletions
--- a/src/aphront/response/webpage/AphrontWebpageResponse.php
+++ b/src/aphront/response/webpage/AphrontWebpageResponse.php
@@ -34,7 +34,8 @@ class AphrontWebpageResponse extends AphrontResponse {

  public function getHeaders() {
    return array(
-      array('Content-Type', 'text/html; charset=UTF-8'),
+      array('Content-Type',    'text/html; charset=UTF-8'),
+      array('X-Frame-Options', 'Deny'),
    );
  }