Skip to content

Commit 4995ffc

Browse files
committed
MAGETWO-43510: x-frame-options missing from setup
- Fixed the security hole.
1 parent b6c0003 commit 4995ffc

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

pub/.htaccess

+6
Original file line numberDiff line numberDiff line change
@@ -182,3 +182,9 @@
182182
order allow,deny
183183
deny from all
184184
</Files>
185+
186+
<IfModule mod_headers.c>
187+
############################################
188+
## prevent clickjacking
189+
Header set X-Frame-Options SAMEORIGIN
190+
</IfModule>

setup/.htaccess

+6
Original file line numberDiff line numberDiff line change
@@ -3,3 +3,9 @@ Options -Indexes
33
<IfModule mod_rewrite.c>
44
RewriteEngine Off
55
</IfModule>
6+
7+
<IfModule mod_headers.c>
8+
############################################
9+
## prevent clickjacking
10+
Header set X-Frame-Options SAMEORIGIN
11+
</IfModule>

0 commit comments

Comments
 (0)