From 2a9d48c4badc4de2e0f2d2fc73c3af2bee39cce8 Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Mon, 20 Sep 2021 15:31:54 +0200 Subject: [PATCH] Enable `X-Frame-Options` for the WCFSetup This has the side effect of suppressing `SameSite=none` for the cookies, which fails on insecure connections because this attribute value is valid for secure cookies only. Resolves #4499 --- wcfsetup/install/files/lib/system/WCFSetup.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wcfsetup/install/files/lib/system/WCFSetup.class.php b/wcfsetup/install/files/lib/system/WCFSetup.class.php index 510d3a498d..1c3ca4544d 100644 --- a/wcfsetup/install/files/lib/system/WCFSetup.class.php +++ b/wcfsetup/install/files/lib/system/WCFSetup.class.php @@ -36,7 +36,7 @@ use wcf\util\XML; // define \define('PACKAGE_ID', 0); -\define('HTTP_SEND_X_FRAME_OPTIONS', 0); +\define('HTTP_SEND_X_FRAME_OPTIONS', 1); \define('CACHE_SOURCE_TYPE', 'disk'); \define('MODULE_MASTER_PASSWORD', 1); \define('ENABLE_DEBUG_MODE', 1); -- 2.20.1