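--- a/branches/REL1_15/phase3/includes/OutputPage.php
+++ b/branches/REL1_15/phase3/includes/OutputPage.php
@@ -957,6 +957,9 @@
 $wgRequest->response()->header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
 $wgRequest->response()->header( 'Content-language: '.$wgContLanguageCode );
 
+ # To prevent clickjacking, do not allow this page to be inside a frame.
+ $wgRequest->response()->header( 'X-Frame-Options: DENY' );
+
 if ($this->mArticleBodyOnly) {
 $this->out($this->mBodytext);
 } else {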
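Review bot: `X-Frame-Options: DENY` is sent unconditionally just before the `mArticleBodyOnly` branch, so every response through this path refuses framing, including frames on the wiki's own origin, and nothing in the hunk lets a site relax it. If same-origin embedding has to keep working, `$wgRequest->response()->header( 'X-Frame-Options: SAMEORIGIN' );` still blocks cross-site framing; otherwise the call could be gated on a site setting. The comment could also record the limits of the control, e.g. `# DENY also blocks same-origin frames; browsers that ignore X-Frame-Options are not covered.` The enclosing function starts and ends outside the hunk, so response paths that do not pass through here may not send the header.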
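--- a/branches/REL1_15/phase3/config/index.php
+++ b/branches/REL1_15/phase3/config/index.php
@@ -21,6 +21,7 @@
 
 error_reporting( E_ALL );
 header( "Content-type: text/html; charset=utf-8" );
+header( 'X-Frame-Options: DENY' );
 @ini_set( "display_errors", true );
 
 # In case of errors, let output be clean.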
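Review bot: The new `header( 'X-Frame-Options: DENY' );` line carries no comment, unlike the same change in includes/OutputPage.php, so its purpose in this script is not recorded for whoever edits the header block next. Add `# To prevent clickjacking, do not allow this page to be inside a frame.` above it, matching the wording used in OutputPage.php. In the visible lines the call sits directly after the existing Content-type header and before any output, which is where it has to be for header() to take effect.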