MAGETWO-43510: x-frame-options missing from setup

safwkhan · safwkhan · commit 4995ffc4c020 · 2015-10-05T13:40:48.000-05:00
- Fixed the security hole.
diff --git a/pub/.htaccess b/pub/.htaccess
@@ -182,3 +182,9 @@
         order allow,deny
         deny from all
     </Files>
+
+<IfModule mod_headers.c>
+    ############################################
+    ## prevent clickjacking
+    Header set X-Frame-Options SAMEORIGIN
+</IfModule>
diff --git a/setup/.htaccess b/setup/.htaccess
@@ -3,3 +3,9 @@ Options -Indexes
 <IfModule mod_rewrite.c>
     RewriteEngine Off
 </IfModule>
+
+<IfModule mod_headers.c>
+    ############################################
+    ## prevent clickjacking
+    Header set X-Frame-Options SAMEORIGIN
+</IfModule>
