github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-06 23:07:28 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #1585 from raul/prevent-clickjacking

Browse Source 
Require `X-Frame-Options: SAMEORIGIN` for clickjack prevention
This commit is contained in:
Robin Ward
2013-10-29 08:02:53 -07:00
parent 12ef8124cf 4f9aa6a92a
commit d0eecfbc53
3 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Gemfile
View File

@ -116,6 +116,7 @@ gem 'therubyracer', require: 'v8'
gem 'thin', require: false gem 'thin', require: false
gem 'diffy', '>= 3.0', require: false gem 'diffy', '>= 3.0', require: false
gem 'highline', require: false gem 'highline', require: false
gem 'rack-protection' # security
# Gem that enables support for plugins. It is required. # Gem that enables support for plugins. It is required.
gem 'discourse_plugin', path: 'vendor/gems/discourse_plugin' gem 'discourse_plugin', path: 'vendor/gems/discourse_plugin'

1
Gemfile.lock
View File

@ -522,6 +522,7 @@ DEPENDENCIES
qunit-rails qunit-rails
rack-cors rack-cors
rack-mini-profiler! rack-mini-profiler!
rack-protection
rails (= 3.2.12) rails (= 3.2.12)
rails_multisite! rails_multisite!
rake rake

3
config/initializers/11-rack-protection.rb Normal file
View File

@ -0,0 +1,3 @@
require 'rack/protection'
Rails.configuration.middleware.use Rack::Protection::FrameOptions