Added deny xframe

2024-11-12 00:59:46 +00:00 · 2019-12-23 21:10:13 -05:00 · 2019-12-23 21:10:13 -05:00 · 4bd3cd2ec5
parent 59aa0d9ab0
commit 4bd3cd2ec5
2 changed files with 14 additions and 4 deletions
--- a/includes/SkinCitizen.php
+++ b/includes/SkinCitizen.php
@ -47,8 +47,12 @@ class SkinCitizen extends SkinTemplate {
 				]
 			);
 		}
-		// Referrer policy
-		if ( $this->getConfig()->get( 'CitizenEnableReferrerPolicy' ) ) {
+		// Deny X-Frame-Options
+		if ( $this->getConfig()->get( 'EnableDenyXFrameOptions' ) ) {
+			$out->getRequest()->response()->header( 'X-Frame-Options: deny' );
+		}
+		// Strict referrer policy
+		if ( $this->getConfig()->get( 'CitizenEnableStrictReferrerPolicy' ) ) {
 			// iOS Safari, IE, Edge compatiblity
 			$out->addMeta( 'referrer',
 				'strict-origin'
--- a/skin.json
+++ b/skin.json
@ -37,10 +37,16 @@
 			"descriptionmsg": "citizen-config-enablemanifest",
 			"public": true
 		},
-		"EnableReferrerPolicy": {
+		"EnableDenyXFrameOptions": {
+			"value": false,
+			"description": "Enable or disable the deny X-Frame-Options header",
+			"descriptionmsg": "citizen-config-enabledenyxframeoptions",
+			"public": true
+		},
+		"EnableStrictReferrerPolicy": {
 			"value": false,
 			"description": "Enable or disable strict-origin-when-cross-origin referrer policy",
-			"descriptionmsg": "citizen-config-enablereferrerpolicy",
+			"descriptionmsg": "citizen-config-enablestrictreferrerpolicy",
 			"public": true
 		},
 		"ManifestThemeColor": {