Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 8 Apr 2016 09:04:20 +0000 (10:04 +0100)
committerFrédéric Demians <f.demians@tamil.fr>
Wed, 27 Apr 2016 15:10:25 +0000 (17:10 +0200)
The login page should not be rendered when it is loaded inside a
frame.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 6efa491d1b2f92fa407aa49c7b678f9b642fc83f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 7729ace7fa6fae2aec48abe80ea36d4f81197cbe)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

C4/Auth.pm

index 3a2b49c..b52b55c 100644 (file)
@@ -193,9 +193,11 @@ sub get_template_and_user {
 
             $template->param( loginprompt => 1 );
             print $in->{query}->header(
-                -type    => 'text/html',
-                -charset => 'utf-8',
-                -cookie  => $cookie,
+                {   type              => 'text/html',
+                    charset           => 'utf-8',
+                    cookie            => $cookie,
+                    'X-Frame-Options' => 'SAMEORIGIN'
+                }
               ),
             $template->output;
             safe_exit;
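Review bot: The four-key header hashref added here is repeated verbatim in the checkauth hunk below, and the commit title implies at least one earlier copy, so the anti-framing header depends on every login-rendering path remembering to include it. Building the hashref in one small private helper that takes `$cookie` and returns the header arguments would keep the paths in step and give a single place to tighten the policy later. A short comment at that spot, such as `# Clickjacking defence: login prompt must not be framed cross-origin`, would also record why the header is set. Both get_template_and_user and checkauth continue outside their hunks, so any other `header()` calls in them cannot be checked from here.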
@@ -1285,9 +1287,11 @@ sub checkauth {
     #    $cookie = $query->cookie(CGISESSID => $session->id
     #   );
     print $query->header(
-        -type    => 'text/html',
-        -charset => 'utf-8',
-        -cookie  => $cookie
+        {   type              => 'text/html',
+            charset           => 'utf-8',
+            cookie            => $cookie,
+            'X-Frame-Options' => 'SAMEORIGIN'
+        }
       ),
       $template->output;
     safe_exit;
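Review bot: `X-Frame-Options: SAMEORIGIN` on its own leaves a gap on older browsers, which compared only the top-level page's origin rather than every ancestor frame, and the header has since been superseded by CSP. Adding `'Content-Security-Policy' => "frame-ancestors 'self'"` next to it in this hashref (and in the get_template_and_user one) covers the full ancestor chain in browsers that support it, with X-Frame-Options kept as the fallback. SAMEORIGIN also still permits same-origin framing, which is slightly looser than the commit description suggests; that is presumably intended, but worth stating in a comment beside the header.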