- Printer sharing did not work when systemd was being used (STR #4497)
- cupsGetPPD* would return a symlink to the PPD in /etc/cups/ppd even if
it was not readable by the user (STR #4500)
+ - The web interface now protects against frame "click-jacking" attacks
+ (STR #4492)
- Fixed a crash in ippAttributeString (<rdar://problem/17903871>)
- RPMs did not build (STR #4490)
return (-1);
}
}
+
+ /*
+ * "Click-jacking" defense (STR #4492)...
+ */
+
+ if (httpPrintf(http, "X-Frame-Options: DENY\r\n"
+ "Content-Security-Policy: frame-ancestors 'none'\r\n") < 1)
+ {
+ http->status = HTTP_STATUS_ERROR;
+ return (-1);
+ }
}
if (httpWrite2(http, "\r\n", 2) < 2)
{refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:}
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="viewport" content="width=device-width">
+ <style>html{display:none;}</style>
<script type="text/javascript"><!--
+ /* Only display document if we are not in a frame... */
+ if (self == top) {
+ document.documentElement.style.display = 'block';
+ } else {
+ top.location = self.location;
+ }
+
/* Show an error if cookies are disabled */
function check_cookies() {
if (!navigator.cookieEnabled) {
{refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:}
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="viewport" content="width=device-width">
+ <style>html{display:none;}</style>
<script type="text/javascript"><!--
+ /* Only display document if we are not in a frame... */
+ if (self == top) {
+ document.documentElement.style.display = 'block';
+ } else {
+ top.location = self.location;
+ }
+
/* Show an error if cookies are disabled */
function check_cookies() {
if (!navigator.cookieEnabled) {