clickJacking
#1
Hi,

Our PCI compliance failed and says our MyBB forum is vulnerable to clickjacking and suggests adding an X-Frame-Options header to fix it. Please add it in the htaccess of the MyBB package or add it as PHP in a core file of MyBB.

Please advise in which file of MyBB I should add it as PHP.
Reply
#2
Can you provide more details, please?
Reply
#3
I have no more details. This is all the Comodo PCI Compliance scanner told me. You should add the X-Frame-Options header either by htaccess or with PHP in a core file. That is all I am told. In which MyBB file should I add that PHP?
Please advise.

header('X-Frame-Options: SAMEORIGIN');
Reply
#4
In the .htaccess you can add the code below (near the top):
Header always append X-Frame-Options SAMEORIGIN

Reply
#5
I know that. I meant it would be good if you added this htaccess command to the htaccess.txt file in your package.
Reply
#6
I think it is not wise to include it in the default htaccess. There are forums relying on frames.
Reply
#7
(2015-12-15, 10:47 AM)StefanT Wrote: I think it is not wise to include it in the default htaccess. There are forums relying on frames.

Agreed.
Reply
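
A check for the header discussed in this thread, as an added example that is not part of any post and is not MyBB code: it classifies a response's framing policy from its headers, including the repeated or comma-joined values that appear when the header is set in more than one place (for instance by both PHP and .htaccess). The function name, result labels and sample headers are constructed for illustration.

```python
# Added example: classify framing protection from a response's headers.
# All sample header lists below are constructed, not captured from a real server.

def framing_policy(headers):
    """headers: list of (name, value) pairs as received, duplicates kept.
    Returns 'csp', 'deny', 'sameorigin', 'conflict', 'invalid' or 'missing'."""
    # A CSP frame-ancestors directive takes precedence over X-Frame-Options.
    for name, value in headers:
        if name.lower() == "content-security-policy":
            for directive in value.split(";"):
                if directive.strip().lower().split()[:1] == ["frame-ancestors"]:
                    return "csp"
    # Repeated header lines and comma-separated values are treated alike.
    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":  # header names are case-insensitive
            values.update(t.strip().lower() for t in value.split(",") if t.strip())
    if not values:
        return "missing"      # what the scanner in this thread reported
    if len(values) > 1:
        return "conflict"     # differing values: fix the configuration
    value = values.pop()
    # ALLOW-FROM and unknown tokens are not enforced by current browsers.
    return value if value in ("deny", "sameorigin") else "invalid"


SAMPLES = {
    "set once via .htaccess": [("X-Frame-Options", "SAMEORIGIN")],
    "spelled as in post #3": [("X-frame-Options", "SAMEORIGIN")],
    "set by PHP and .htaccess": [("X-Frame-Options", "SAMEORIGIN"),
                                 ("X-Frame-Options", "SAMEORIGIN")],
    "appended onto an existing DENY": [("X-Frame-Options", "DENY, SAMEORIGIN")],
    "obsolete ALLOW-FROM": [("X-Frame-Options", "ALLOW-FROM https://example.com")],
    "CSP only": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "no framing header": [("Content-Type", "text/html; charset=UTF-8")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:32} -> {framing_policy(hdrs)}")
```

A result of `sameorigin` still lets the forum frame its own pages, which is the case raised in post #6; only embedding from other origins is refused.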