mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
avoid a clickjacking attack reported on huntr.dev by @ranjit-git
This commit is contained in:
parent
feb5cbc7f3
commit
64e98fcf97
@ -27,6 +27,9 @@ if (!defined('POSTFIXADMIN')) { # already defined if called from setup.php
|
|||||||
if (empty($_SESSION['flash'])) {
|
if (empty($_SESSION['flash'])) {
|
||||||
$_SESSION['flash'] = array();
|
$_SESSION['flash'] = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// avoid clickjacking attacks?
|
||||||
|
header('X-Frame-Options: DENY');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user