[SIGNED-OFF] Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 8 Apr 2016 09:04:20 +0000 (10:04 +0100)
committerBrendan Gallagher <bredan@bywatersolutions.com>
Wed, 20 Apr 2016 16:06:32 +0000 (16:06 +0000)
The login page should not be displayed if the page is displayed in a
frame.

Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
C4/Auth.pm

index bff7fcd..e3aecec 100644 (file)
@@ -194,9 +194,11 @@ sub get_template_and_user {
 
             $template->param( loginprompt => 1 );
             print $in->{query}->header(
-                -type    => 'text/html',
-                -charset => 'utf-8',
-                -cookie  => $cookie,
+                {   type              => 'text/html',
+                    charset           => 'utf-8',
+                    cookie            => $cookie,
+                    'X-Frame-Options' => 'SAMEORIGIN'
+                }
               ),
             $template->output;
             safe_exit;
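Review bot: The added `'X-Frame-Options' => 'SAMEORIGIN'` entry in the login-prompt header carries no comment explaining its purpose, so a later tidy-up of this hash could silently drop the only framing control visible on this response. A line such as `# Anti-clickjacking: the login prompt must not render inside a cross-origin frame` above the key would document the intent. Current browsers treat X-Frame-Options as the legacy mechanism, so, provided no conflicting policy is sent elsewhere, also adding `'Content-Security-Policy' => "frame-ancestors 'self'"` to the same hash would express the restriction in the modern form; both points apply equally to the checkauth hunk. The body of get_template_and_user begins and ends outside the hunk.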
@@ -1307,9 +1309,11 @@ sub checkauth {
     #    $cookie = $query->cookie(CGISESSID => $session->id
     #   );
     print $query->header(
-        -type    => 'text/html',
-        -charset => 'utf-8',
-        -cookie  => $cookie
+        {   type              => 'text/html',
+            charset           => 'utf-8',
+            cookie            => $cookie,
+            'X-Frame-Options' => 'SAMEORIGIN'
+        }
       ),
       $template->output;
     safe_exit;
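Review bot: The four-key header hash passed to `$query->header(...)` here is a verbatim copy of the one added in get_template_and_user, so the two login-prompt paths can drift apart the next time a security header is added or changed. Building the hashref once in a small private helper that takes `$cookie`, and passing its result to `header()` in both places, would keep them aligned. checkauth starts well before this hunk, so any other `header()` calls in it are not visible here and may need the same header.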