diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index 822c6e63a..30268e079 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -237,6 +237,10 @@ $rcmail_config['ip_check'] = false; // check referer of incoming requests $rcmail_config['referer_check'] = false; +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_confoig['x_frame_options'] = 'sameorigin'; + // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index c4dd73b23..1ec8e7dd3 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -356,6 +356,11 @@ class rcube_template extends rcube_html_page // make sure all