Posted to commits@sling.apache.org by as...@apache.org on 2015/12/23 20:21:29 UTC

svn commit: r1721570 - /sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java

Author: asanso
Date: Wed Dec 23 19:21:29 2015
New Revision: 1721570

URL: http://svn.apache.org/viewvc?rev=1721570&view=rev
Log:
SLING-5393 - Add default X-Frame-Options header to defend against Clickjacking

Modified:
    sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java

Modified: sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java?rev=1721570&r1=1721569&r2=1721570&view=diff
==============================================================================
--- sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java (original)
+++ sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java Wed Dec 23 19:21:29 2015
@@ -111,7 +111,7 @@ public class SlingMainServlet extends Ge
     private static final String PROP_SERVER_INFO = "sling.serverinfo";
 
 
-    @Property(value = {"X-Content-Type-Options=nosniff"},
+    @Property(value = {"X-Content-Type-Options=nosniff", "X-Frame-Options=SAMEORIGIN"},
             label = "Additional response headers",
             description = "Provides mappings for additional response headers "
                 + "Each entry is of the form 'bundleId [ \":\" responseHeaderName ] \"=\" responseHeaderValue' ",
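Review bot: The new default `"X-Frame-Options=SAMEORIGIN"` on the `@Property` value line changes framing behaviour for what appears to be every response this servlet emits, yet the label and description give an operator no hint that cross-origin framing is now refused or that this entry is the one to override. Deployments that legitimately embed Sling content from another origin will have to replace this value. Instances that already hold a persisted configuration for this property presumably keep their old list and stay without the header, which is worth calling out in the description or the release notes. The description string on the last line of the hunk also documents entries as `bundleId [ ":" responseHeaderName ] "=" responseHeaderValue`, which does not match the plain `Name=Value` defaults and lacks a sentence break after "headers"; if the parser really takes `Name=Value`, something like `"Provides mappings for additional response headers. Each entry is of the form 'responseHeaderName \"=\" responseHeaderValue'"` would be accurate. The annotation continues past the end of the hunk, so the property name and the code that applies these headers are not visible here.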