Skip to content

Commit

Permalink
Merge pull request #1389 from DuendeSoftware/anders/x-frame-deny
Browse files Browse the repository at this point in the history
Consistent X-Frame-Options/CSP
  • Loading branch information
brockallen authored Aug 8, 2023
2 parents cc97ac2 + 1c0220d commit df2b00b
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion hosts/AspNetIdentity/Pages/SecurityHeadersAttribute.cs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
if (!context.HttpContext.Response.Headers.ContainsKey("X-Frame-Options"))
{
context.HttpContext.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
context.HttpContext.Response.Headers.Append("X-Frame-Options", "DENY");
}

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Expand Down
2 changes: 1 addition & 1 deletion hosts/Configuration/Pages/SecurityHeadersAttribute.cs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
if (!context.HttpContext.Response.Headers.ContainsKey("X-Frame-Options"))
{
context.HttpContext.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
context.HttpContext.Response.Headers.Append("X-Frame-Options", "DENY");
}

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Expand Down
2 changes: 1 addition & 1 deletion hosts/EntityFramework/Pages/SecurityHeadersAttribute.cs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
if (!context.HttpContext.Response.Headers.ContainsKey("X-Frame-Options"))
{
context.HttpContext.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
context.HttpContext.Response.Headers.Append("X-Frame-Options", "DENY");
}

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Expand Down
2 changes: 1 addition & 1 deletion hosts/main/Pages/SecurityHeadersAttribute.cs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
if (!context.HttpContext.Response.Headers.ContainsKey("X-Frame-Options"))
{
context.HttpContext.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
context.HttpContext.Response.Headers.Append("X-Frame-Options", "DENY");
}

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Expand Down

0 comments on commit df2b00b

Please sign in to comment.