From 0750795fb8ad4cfd6c6bad7a0060d57a0f427bc9 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Mon, 20 Sep 2021 15:58:51 +0200
Subject: [PATCH] Enable `X-Frame-Options` for the WCFSetup
This has the side effect of suppressing `SameSite=none` for the cookies, which fails on insecure connections because this attribute value is valid for secure cookies only.
Resolves #4499
Follow up for 2a9d48c4badc4de2e0f2d2fc73c3af2bee39cce8
---
 wcfsetup/install/files/options.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wcfsetup/install/files/options.inc.php b/wcfsetup/install/files/options.inc.php
index e5a7210d9b..edfa6df091 100644
--- a/wcfsetup/install/files/options.inc.php
+++ b/wcfsetup/install/files/options.inc.php
@@ -22,7 +22,7 @@ if (\file_exists(WCF_DIR . 'cookiePrefix.txt')) {
 \define('COOKIE_PATH', '');
 \define('COOKIE_DOMAIN', '');
-\define('HTTP_SEND_X_FRAME_OPTIONS', 0);
+\define('HTTP_SEND_X_FRAME_OPTIONS', 1);
 \define('BLACKLIST_IP_ADDRESSES', '');
 \define('BLACKLIST_USER_AGENTS', '');
-- 
2.20.1
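Review bot: The new value `1` on `HTTP_SEND_X_FRAME_OPTIONS` carries no comment explaining that it is load-bearing for cookie handling, not only for framing protection. Per the commit message, enabling it is what stops the setup cookies from being sent with `SameSite=none`, which is rejected on insecure connections; that dependency is invisible at this line, and the code that derives the cookie attribute from the constant lies outside the hunk. I would add a comment above the define such as `// Keep enabled: besides sending X-Frame-Options, this prevents SameSite=none cookies, which fail over plain HTTP (#4499).` so that nobody flips it back to 0 while tidying the setup defaults.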