diff options
Diffstat (limited to 'program/lib/Roundcube/rcube_output.php')
| -rw-r--r-- | program/lib/Roundcube/rcube_output.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/program/lib/Roundcube/rcube_output.php b/program/lib/Roundcube/rcube_output.php index 5df672112..03ff4c116 100644 --- a/program/lib/Roundcube/rcube_output.php +++ b/program/lib/Roundcube/rcube_output.php @@ -190,6 +190,11 @@ abstract class rcube_output // Request browser to disable DNS prefetching (CVE-2010-0464) header("X-DNS-Prefetch-Control: off"); + + // send CSRF and clickjacking protection headers + if ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')) { + header('X-Frame-Options: ' . $xframe); + } } /** |