MyBB Community Forums

Full Version: clickJacking
Hi,

Our PCI Compliancy failed and says our MyBB forum is clickJacking vulnerable and suggests to add X-frame-Options header to fix it. Please add it in htaccess of MyBB package or add it as php in core file of MyBB.

Please advise in which file of MyBB I should add it as PHP?
Can you provide more details, please?
I have no more details. This is all the Comodo PCI Compliance scanner told me. You should add the X-Frame-Options header either by htaccess or with PHP in a core file. That is all I am told. In which MyBB file should I add that PHP?
Please advise.

header('X-Frame-Options: SAMEORIGIN');
In the .htaccess you can add the code below (near the top):
Header always append X-Frame-Options SAMEORIGIN

(edited)
I know that, I meant it would be good that you add this htaccess command in your htaccess.txt file in your package.
I think it is not wise to include it in the default htaccess. There are forums relying on frames.
(2015-12-15, 10:47 AM) StefanT wrote: I think it is not wise to include it in the default htaccess. There are forums relying on frames.

Agreed.
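
To confirm that the header discussed in this thread is actually being sent before re-running the scan, the following added example (not part of the original thread and not MyBB code) classifies the anti-framing headers in a raw HTTP response. It goes slightly beyond the thread by also recognising the CSP `frame-ancestors` directive; the function name and the sample responses are constructed for illustration.

```python
import re

def framing_policy(raw_headers):
    """Classify the anti-framing headers in a raw HTTP response header block."""
    xfo, ancestors = [], None
    for line in raw_headers.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name = name.strip().lower()                    # header names are case-insensitive
        if name == "x-frame-options":
            # The header may repeat or carry a comma-separated list (Apache's
            # "Header append" adds to an existing value); collect every token.
            xfo += [t.strip().lower() for t in value.split(",") if t.strip()]
        elif name == "content-security-policy":
            m = re.search(r"(?:^|;)\s*frame-ancestors\s+([^;]+)", value, re.I)
            if m:
                ancestors = m.group(1).strip()
    distinct = set(xfo)
    if not distinct and ancestors is None:
        return "missing"                               # what the scanner reported
    if len(distinct) > 1:
        return "conflicting"                           # e.g. DENY and SAMEORIGIN together
    if distinct and not distinct <= {"deny", "sameorigin"}:
        return "unrecognised"
    if distinct:
        return distinct.pop()
    return "csp:" + ancestors

# Constructed sample responses (not captured from a real forum).
HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "unpatched": HEAD + "\r\n",
    "htaccess":  HEAD + "X-Frame-Options: SAMEORIGIN\r\n\r\n",
    "set twice": HEAD + "X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n",
    "mixed":     HEAD + "X-Frame-Options: DENY\r\nx-frame-options: SAMEORIGIN\r\n\r\n",
    "csp only":  HEAD + "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} -> {framing_policy(raw)}")
```

Feed it the header block saved from the live forum (for instance the output of a HEAD request) in place of the constructed samples.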