Fixed X-Frame-Options to be DENY in all admin pages to prevent a clickjacking attack

Matias Griese
2021-09-01 13:17:21 +03:00
parent 2f9b0a179c
commit 853abfbbd3
2 changed files with 2 additions and 1 deletions


@@ -67,6 +67,6 @@ class Router extends ProcessorBase
$this->stopTimer();
// Never allow admin pages to be rendered in <frame>, <iframe>, <embed> or <object> for improved security.
return $response->withHeader('X-Frame-Options', 'NONE');
return $response->withHeader('X-Frame-Options', 'DENY');
}
}
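Review bot: The response returned at the end of this method relies on X-Frame-Options alone for framing protection, while browsers that support CSP treat `frame-ancestors` as the authoritative control and keep X-Frame-Options mainly for older clients. Consider also sending `->withAddedHeader('Content-Security-Policy', "frame-ancestors 'none'")` next to the DENY header, after checking how it combines with any CSP set elsewhere in the admin. The previous value 'NONE' is not a valid X-Frame-Options directive, so it was presumably ignored by browsers; a test asserting the exact header value on an admin response would catch that kind of regression. The method begins outside the hunk, so any earlier return paths that skip this header cannot be checked from here.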