Commit c8a0c7c9
authored Jul 02, 2015 by webchick

Issue #2514136 by pwolanin, Fabianx: Add default clickjacking defense to core

parent 2710ccd0
core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
...
...
@@ -113,6 +113,7 @@ public function onRespond(FilterResponseEvent $event) {
// XSS and other vulnerabilities.
// https://www.owasp.org/index.php/List_of_useful_HTTP_headers
$response
->
headers
->
set
(
'X-Content-Type-Options'
,
'nosniff'
,
FALSE
);
$response
->
headers
->
set
(
'X-Frame-Options'
,
'SAMEORIGIN'
,
FALSE
);
// Expose the cache contexts and cache tags associated with this page in a
// X-Drupal-Cache-Contexts and X-Drupal-Cache-Tags header respectively.
...
...
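Review bot: The new 'X-Frame-Options' line in onRespond() has no comment of its own, and the context comment above it speaks of "XSS and other vulnerabilities", not framing. Add a line stating that this is the clickjacking default and how a response that legitimately needs to be framed by another origin is expected to override it. Also confirm the behaviour of the third argument FALSE when a controller has already set X-Frame-Options: a set that does not replace can leave the response with two values for the header, and browsers do not handle that consistently. An explicit has('X-Frame-Options') check before the set would make the "only when absent" intent unambiguous.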
core/modules/system/src/Tests/Routing/RouterTest.php
...
...
@@ -40,7 +40,7 @@ public function testFinishResponseSubscriber() {
$this
->
assertEqual
(
$headers
[
'x-ua-compatible'
],
'IE=edge'
);
$this
->
assertEqual
(
$headers
[
'content-language'
],
'en'
);
$this
->
assertEqual
(
$headers
[
'x-content-type-options'
],
'nosniff'
);
$this
->
assertEqual
(
$headers
[
'x-frame-options'
],
'SAMEORIGIN'
);
$this
->
drupalGet
(
'router_test/test2'
);
$this
->
assertRaw
(
'test2'
,
'The correct string was returned because the route was successful.'
);
...
...
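Review bot: The 'x-frame-options' assertion in testFinishResponseSubscriber() checks only the default value on this one route, so nothing exercises a response that sets its own X-Frame-Options before the subscriber runs. Add a test route whose controller sets a different value and assert that exactly one X-Frame-Options value reaches the client and that it is the controller's. The assertEqual() calls here also carry no message argument, unlike the assertRaw() below them; a short message on the new assertion would make a failure easier to read.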