From c170bfc92f48dea0dc009916251acf730b1d885f Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 5 Sep 2011 08:39:52 +0000
Subject: Protect from Clickjacking by sending X-Frame-Options headers
 (#1487037)

---
 config/main.inc.php.dist | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'config')

diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 822c6e63a..30268e079 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -237,6 +237,10 @@ $rcmail_config['ip_check'] = false;
 // check referer of incoming requests
 $rcmail_config['referer_check'] = false;
 
+// X-Frame-Options HTTP header value sent to prevent from Clickjacking.
+// Possible values: sameorigin|deny. Set to false in order to disable sending them
+$rcmail_confoig['x_frame_options'] = 'sameorigin';
+
 // this key is used to encrypt the users imap password which is stored
 // in the session record (and the client cookie if remember password is enabled).
 // please provide a string of exactly 24 chars.
-- 
cgit v1.2.3