[SECURITY] Implement Click Jacking Protection 01/28601/3
author Helmut Hummel <helmut.hummel@typo3.org>
Fri, 21 Mar 2014 11:54:13 +0000 (12:54 +0100)
committer Ernesto Baschny <ernst@cron-it.de>
Fri, 21 Mar 2014 18:15:26 +0000 (19:15 +0100)
commit 517efee327b8fc4f0203bd437eca90bdbaf5d05d
tree fee58809e5c32400f6358cb280da77482a2e710c
parent 915acbde458fe3c31091bda6068b9dcee1439227
[SECURITY] Implement Click Jacking Protection

To protect the backend from click jacking attacks
an HTTP header needs to be sent, which prevents
embedding backend pages in an iframe on domains
different than the one used to access the backend.

All recommended browsers respect this header
and prevent the backend page from being shown in an
iframe, so we do not need to implement further
JavaScript frame busting solutions.

Resolves: #54201
Documentation: #57144
Releases: 6.2
Change-Id: Ic83cae4917bb62ff8fe8b55a947ace7dba86d223
Reviewed-on: https://review.typo3.org/28601
Reviewed-by: Christian Kuhn
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
typo3/init.php
typo3/sysext/core/Classes/Core/Bootstrap.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
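
An added example, not part of this commit or of TYPO3's code: a Python check that classifies the framing protection of a response from its headers, the kind of protection the commit message describes. The message names no header; `X-Frame-Options` and the CSP `frame-ancestors` directive are assumed here, and the function names and sample headers are constructed.

```python
# Added example; header names are assumed (the commit message names none).

def frame_ancestors(csp_value):
    """Return the frame-ancestors sources of one CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_verdict(headers):
    """Classify framing protection from (name, value) response header pairs.

    Returns 'deny', 'sameorigin', 'allowlist', 'misconfigured' or 'unprotected'.
    """
    xfo, policies = set(), []
    for name, value in headers:
        key = name.lower()
        if key == "x-frame-options":
            # A repeated header and a comma-joined value are treated alike.
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
        elif key == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                policies.append(sources)
    if policies:
        # CSP says frame-ancestors replaces X-Frame-Options when both are sent.
        sources = policies[0]  # simplification: only the first policy is read
        if not sources:
            return "misconfigured"  # directive present but empty: flag for review
        if sources == ["'none'"]:
            return "deny"
        if sources == ["'self'"]:
            return "sameorigin"
        return "unprotected" if "*" in sources else "allowlist"
    if not xfo:
        return "unprotected"
    if xfo in ({"deny"}, {"sameorigin"}):
        return next(iter(xfo))
    # Conflicting or unknown values, including the obsolete ALLOW-FROM.
    return "misconfigured"

# Constructed sample responses (not captured from a real TYPO3 instance).
SAMPLES = {
    "same-origin only": [("X-Frame-Options", "SAMEORIGIN")],
    "conflicting values": [("X-Frame-Options", "DENY"), ("x-frame-options", "SAMEORIGIN")],
    "no protection": [("Content-Type", "text/html")],
}
if __name__ == "__main__":
    for label, sample_headers in SAMPLES.items():
        print(f"{label}: {framing_verdict(sample_headers)}")
```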