wellton/cups
1
0
Fork 0
Código Issues Pull Requests Ações Pacotes Projetos Versões Wiki Atividade

The web interface now protects against frame "click-jacking" attacks (STR #4492)

Ver Código-Fonte 
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12219 a1ca3aef-8c08-0410-bb20-df032aa958be
Esse commit está contido em:
msweet
2014-10-20 21:59:33 +00:00
pai 9b9c3de281
commit 241474b0d9
4 arquivos alterados com 29 adições e 0 exclusões
Baixar Arquivo de Patch Baixar Arquivo de Diff Expandir todos os arquivos Colapsar todos os arquivos
CHANGES-2.0.txt
+2
Ver Arquivo
@@ -8,6 +8,8 @@ CHANGES IN CUPS V2.0.1
- Printer sharing did not work when systemd was being used (STR #4497)
- cupsGetPPD* would return a symlink to the PPD in /etc/cups/ppd even if
it was not readable by the user (STR #4500)
- The web interface now protects against frame "click-jacking" attacks
(STR #4492)
- Fixed a crash in ippAttributeString (<rdar://problem/17903871>)
- RPMs did not build (STR #4490)
cups/http.c
+11
Ver Arquivo
@@ -3611,6 +3611,17 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */
return (-1);
}
}
/*
* "Click-jacking" defense (STR #4492)...
*/
if (httpPrintf(http, "X-Frame-Options: DENY\r\n"
"Content-Security-Policy: frame-ancestors 'none'\r\n") < 1)
{
http->status = HTTP_STATUS_ERROR;
return (-1);
}
}
if (httpWrite2(http, "\r\n", 2) < 2)
templates/es/header.tmpl.in
+8
Ver Arquivo
@@ -8,7 +8,15 @@
{refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:}
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="viewport" content="width=device-width">
<style>html{display:none;}</style>
<script type="text/javascript"><!--
/* Only display document if we are not in a frame... */
if (self == top) {
document.documentElement.style.display = 'block';
} else {
top.location = self.location;
}
/* Show an error if cookies are disabled */
function check_cookies() {
if (!navigator.cookieEnabled) {
templates/header.tmpl.in
+8
Ver Arquivo
@@ -8,7 +8,15 @@
{refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:}
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="viewport" content="width=device-width">
<style>html{display:none;}</style>
<script type="text/javascript"><!--
/* Only display document if we are not in a frame... */
if (self == top) {
document.documentElement.style.display = 'block';
} else {
top.location = self.location;
}
/* Show an error if cookies are disabled */
function check_cookies() {
if (!navigator.cookieEnabled) {