From 30dc4e420aa0b7c9f33c5f1af0f4b7dc26fcc63b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 05 Sep 2014 15:41:45 -0400
Subject: [PATCH] Merged #166 "Fix XRF vulnerability"

---
 src/main/java/com/gitblit/wicket/pages/BasePage.java |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/BasePage.java b/src/main/java/com/gitblit/wicket/pages/BasePage.java
index 4971039..b454b7a 100644
--- a/src/main/java/com/gitblit/wicket/pages/BasePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/BasePage.java
@@ -166,6 +166,9 @@
 			// use default Wicket caching behavior
 			super.setHeaders(response);
 		}
+
+		// XRF vulnerability. issue-500 / ticket-166
+		response.setHeader("X-Frame-Options", "SAMEORIGIN");
 	}
 
 	/**

--
Gitblit v1.9.1