commit 295d6f089b7f9ed6711512bec75e091e320a7f76
tree ea6f8859a40255bd34dc0d4a63a6b6b3eaa3bfb3
parent 69ce445bdf43dccf109998cfe29c79520e2bf262
author Engels Antonio <engels@kartero.org> 1383850839 +0800
committer Engels Antonio <engels@kartero.org> 1383850839 +0800
Add X-Frame-Options and X-XSS-Protection headers
diff --git a/core.php b/core.php
index 5bf836c..e87e511 100644
--- a/core.php
+++ b/core.php
@@ -2,6 +2,8 @@
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: private');
+header('X-Frame-Options: SAMEORIGIN');
+header('X-XSS-Protection: 1; mode=block');
ini_set("session.use_trans_sid","0");
ini_set("mbstring.language","Neutral");
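Review bot: The two added `header()` lines rely on `X-XSS-Protection`, which only older browsers honour and which does not replace output escaping, and nothing in this hunk sets a Content-Security-Policy or a MIME-sniffing guard. Next to the `X-Frame-Options` line I would add `header("Content-Security-Policy: frame-ancestors 'self'");`, the standardised equivalent of SAMEORIGIN framing control, and `header('X-Content-Type-Options: nosniff');`. A short comment above the group, e.g. `// Response hardening headers; must be sent before any output`, would also record why they sit at the top of core.php. The same hunk is printed a second time further down the page and the point applies there as well.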
@@ -15,6 +17,7 @@ ini_set("default_charset","UTF-8");
error_reporting(E_ERROR);
+session_cache_limiter(false);
session_start();
if ($_SESSION['logged_lvl'] == "subscriber") {
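Review bot: `session_cache_limiter(false);` passes a boolean where the function takes a string and carries no comment explaining why the limiter is switched off. `session_cache_limiter('');` with a comment such as `// disable PHP's automatic session cache headers so the Cache-Control header set above is the one sent` would make the intent explicit. With the limiter disabled, the only cache directive visible in this diff is `Cache-Control: private`, which still lets a browser store pages rendered for a logged-in session. If those pages carry account data, `header('Cache-Control: private, no-store');` may be the safer value, which should be confirmed against the rest of core.php. The `if` on the last line opens a block that continues outside the hunk.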
tree ea6f8859a40255bd34dc0d4a63a6b6b3eaa3bfb3
parent 69ce445bdf43dccf109998cfe29c79520e2bf262
author Engels Antonio <engels@kartero.org> 1383850839 +0800
committer Engels Antonio <engels@kartero.org> 1383850839 +0800
Add X-Frame-Options and X-XSS-Protection headers
diff --git a/core.php b/core.php
index 5bf836c..e87e511 100644
--- a/core.php
+++ b/core.php
@@ -2,6 +2,8 @@
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: private');
+header('X-Frame-Options: SAMEORIGIN');
+header('X-XSS-Protection: 1; mode=block');
ini_set("session.use_trans_sid","0");
ini_set("mbstring.language","Neutral");
@@ -15,6 +17,7 @@ ini_set("default_charset","UTF-8");
error_reporting(E_ERROR);
+session_cache_limiter(false);
session_start();
if ($_SESSION['logged_lvl'] == "subscriber") {