From: Alexander Ebert Date: Mon, 20 Sep 2021 13:31:54 +0000 (+0200) Subject: Enable `X-Frame-Options` for the WCFSetup X-Git-Tag: 5.4.8_dev_1~23 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2a9d48c4badc4de2e0f2d2fc73c3af2bee39cce8;p=GitHub%2FWoltLab%2FWCF.git Enable `X-Frame-Options` for the WCFSetup This has the side effect of suppressing `SameSite=none` for the cookies, which fails on insecure connections because this attribute value is valid for secure cookies only. Resolves #4499 --- diff --git a/wcfsetup/install/files/lib/system/WCFSetup.class.php b/wcfsetup/install/files/lib/system/WCFSetup.class.php index 510d3a498d..1c3ca4544d 100644 --- a/wcfsetup/install/files/lib/system/WCFSetup.class.php +++ b/wcfsetup/install/files/lib/system/WCFSetup.class.php @@ -36,7 +36,7 @@ use wcf\util\XML; // define \define('PACKAGE_ID', 0); -\define('HTTP_SEND_X_FRAME_OPTIONS', 0); +\define('HTTP_SEND_X_FRAME_OPTIONS', 1); \define('CACHE_SOURCE_TYPE', 'disk'); \define('MODULE_MASTER_PASSWORD', 1); \define('ENABLE_DEBUG_MODE', 1);
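Review bot: The changed line `\define('HTTP_SEND_X_FRAME_OPTIONS', 1);` has no comment recording that, per the commit message, this value is also what suppresses `SameSite=none` on the cookies, so the fix for #4499 rests on a side effect that is invisible at this line. Someone who later sets the constant back to 0 would bring back the cookie failure on insecure connections with nothing in the code to warn them. Suggest a short comment above the define stating both purposes (enabling `X-Frame-Options` during setup and avoiding `SameSite=none` on non-secure connections). As a follow-up, consider letting the cookie handling decide the `SameSite` value from whether the connection is secure, rather than from the frame-options setting, so the two concerns are no longer coupled.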