diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2014-10-20 21:59:33 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2014-10-20 21:59:33 +0000 |
commit | 241474b0d9e8cd99b440f38890bcb78eaac34b74 (patch) | |
tree | 7d64e5be0404dedea9e0f39d41c17936c2e77945 /templates/header.tmpl.in | |
parent | 9b9c3de281cf9178802d480453ce223ba9849214 (diff) | |
download | cups-241474b0d9e8cd99b440f38890bcb78eaac34b74.tar.gz |
The web interface now protects against frame "click-jacking" attacks (STR #4492)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12219 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'templates/header.tmpl.in')
-rw-r--r-- | templates/header.tmpl.in | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/templates/header.tmpl.in b/templates/header.tmpl.in index e41da576b..a4beb53df 100644 --- a/templates/header.tmpl.in +++ b/templates/header.tmpl.in @@ -8,7 +8,15 @@ {refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:} <meta http-equiv="X-UA-Compatible" content="IE=9"> <meta name="viewport" content="width=device-width"> + <style>html{display:none;}</style> <script type="text/javascript"><!-- + /* Only display document if we are not in a frame... */ + if (self == top) { + document.documentElement.style.display = 'block'; + } else { + top.location = self.location; + } + /* Show an error if cookies are disabled */ function check_cookies() { if (!navigator.cookieEnabled) { |