archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Add framebusting to Phabricator.

Browse Source 
Summary:
Technically we didn't have it in the first place, but should. Also
add in X-Frame-Options for double-plus-good.

Test Plan:
Created a page with Phabricator in an <iframe />, got busted out
of it. Added in the X-Frame-Options, got an empty iframe.

Differential Revision: 38
Reviewed By: tomo
Reviewers: mroch, tomo
This commit is contained in:
epriestley
2011-02-16 22:17:05 -08:00
parent 147d2e2e3d
commit 0b1450c5f9
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/aphront/response/webpage/AphrontWebpageResponse.php
View File

@@ -34,7 +34,8 @@ class AphrontWebpageResponse extends AphrontResponse {
public function getHeaders() { public function getHeaders() {
return array( return array(
array('Content-Type', 'text/html; charset=UTF-8'), array('Content-Type', 'text/html; charset=UTF-8'),
array('X-Frame-Options', 'Deny'),
); );
} }

5
src/view/page/standard/PhabricatorStandardPageView.php
View File

@@ -98,8 +98,11 @@ class PhabricatorStandardPageView extends AphrontPageView {
protected function getHead() { protected function getHead() {
$response = CelerityAPI::getStaticResourceResponse(); $response = CelerityAPI::getStaticResourceResponse();
return return
'<script type="text/javascript">'.
'(top != self) && top.location.replace(self.location.href);'.
'window.__DEV__=1;'.
'</script>'.
$response->renderResourcesOfType('css'). $response->renderResourcesOfType('css').
'<script type="text/javascript">window.__DEV__=1;</script>'.
'<script type="text/javascript" src="/rsrc/js/javelin/init.dev.js">'. '<script type="text/javascript" src="/rsrc/js/javelin/init.dev.js">'.
'</script>'; '</script>';
} }