context: add X-Frame-Options header (#6411)

Co-authored-by: ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
pull/6416/head
Matheus Mosca 2020-11-11 01:17:43 -03:00 committed by GitHub
parent 6f735cc2da
commit 997ba0fef0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 0 deletions


@ -17,6 +17,8 @@ All notable changes to Gogs are documented in this file.
### Fixed
- Add `X-Frame-Options` header to prevent Clickjacking. [#6409](https://github.com/gogs/gogs/issues/6409)
### Removed
- ⚠️ Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.
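Review bot: the new "Fixed" entry does not say that the header is sent with the value `DENY`, which is the detail an operator needs when reading the changelog. With `DENY`, any deployment that embeds Gogs pages in a frame stops rendering after the upgrade, so the entry should state the value, for example "Add `X-Frame-Options: DENY` header to prevent Clickjacking", and mention that framing Gogs pages is no longer possible.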


@ -289,6 +289,7 @@ func Contexter() macaron.Handler {
// 🚨 SECURITY: Prevent MIME type sniffing in some browsers,
// see https://github.com/gogs/gogs/issues/5397 for details.
c.Header().Set("X-Content-Type-Options", "nosniff")
c.Header().Set("X-Frame-Options", "DENY")
ctx.Map(c)
}
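Review bot: the added `c.Header().Set("X-Frame-Options", "DENY")` line has no comment of its own and sits directly under the `🚨 SECURITY` comment about MIME type sniffing, which links issue 5397, so the existing comment now reads as if it covers both headers. Give the new line its own `// 🚨 SECURITY:` comment that names clickjacking and links https://github.com/gogs/gogs/issues/6409, matching the changelog entry. Two follow-ups worth considering: the value is hard-coded in `Contexter()`, so every response gets `DENY` with no way for an operator to choose `SAMEORIGIN`; and browsers that implement CSP honour `Content-Security-Policy: frame-ancestors 'none'` as the current equivalent, so sending it alongside this header would cover both old and new clients.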