aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2017-09-16 15:33:42 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2017-09-16 15:34:00 -0700
commitf69274a95b33ccce50560a3557e7736a1a3a1680 (patch)
treed0e681c19aec27db7a554555f1eca549e42de196
parentGentoo: move sparc to unstable arches (diff)
downloadgentoo-bugzilla-f69274a95b33ccce50560a3557e7736a1a3a1680.zip
gentoo-bugzilla-f69274a95b33ccce50560a3557e7736a1a3a1680.tar.gz
gentoo-bugzilla-f69274a95b33ccce50560a3557e7736a1a3a1680.tar.bz2
CGI: set Content-Security-Policy header.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r--Bugzilla/CGI.pm3
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 44c089a..047ffa7 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -339,10 +339,11 @@ sub header {
$headers{'-strict_transport_security'} = $sts_opts;
}
- # Add X-Frame-Options header to prevent framing and subsequent
+ # Add X-Frame-Options & CSP headers to prevent framing and subsequent
# possible clickjacking problems.
unless ($self->url_is_attachment_base) {
$headers{'-x_frame_options'} = 'SAMEORIGIN';
+ $headers{'-content_security_policy'} = "frame-ancestors 'self'";
}
# Add X-XSS-Protection header to prevent simple XSS attacks