d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-03-10 04:11:16 +00:00
Code Issues Projects Releases Wiki Activity

[WebUI] Avoid clickjacking attacks

Browse Source
This commit is contained in:
ngosang 2017-02-06 20:44:57 +01:00 committed by sledgehammer999
parent f9c39e3dac
commit f5ad04766f
No known key found for this signature in database
GPG Key ID: 6E4A2D025B7CC9A2
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/base/http/types.h
View File

@ -43,6 +43,7 @@ namespace Http
const QString HEADER_CONTENT_ENCODING = "Content-Encoding";
const QString HEADER_CONTENT_LENGTH = "Content-Length";
const QString HEADER_CACHE_CONTROL = "Cache-Control";
const QString HEADER_X_FRAME_OPTIONS = "X-Frame-Options";
const QString CONTENT_TYPE_CSS = "text/css; charset=UTF-8";
const QString CONTENT_TYPE_GIF = "image/gif";

6
src/webui/abstractwebapplication.cpp
View File

@ -103,7 +103,11 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque
request_ = request;
env_ = env;
clear(); // clear response
// clear response
clear();
// avoid clickjacking attacks
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
sessionInitialize();
if (!sessionActive() && !isAuthNeeded())