From b2331a89980a43a6be95cb72364c6bdd33caf98a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 07 Sep 2014 17:38:54 -0400
Subject: [PATCH] Merged #168 "Show account type in teams panel"

---
 src/main/java/com/gitblit/wicket/pages/BasePage.java |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/BasePage.java b/src/main/java/com/gitblit/wicket/pages/BasePage.java
index 7d3d3a2..b454b7a 100644
--- a/src/main/java/com/gitblit/wicket/pages/BasePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/BasePage.java
@@ -98,6 +98,10 @@
 		}
 	}
 
+	protected String getContextUrl() {
+		return getRequest().getRelativePathPrefixToContextRoot();
+	}
+
 	protected String getCanonicalUrl() {
 		return getCanonicalUrl(getClass(), getPageParameters());
 	}
@@ -162,6 +166,9 @@
 			// use default Wicket caching behavior
 			super.setHeaders(response);
 		}
+
+		// XRF vulnerability. issue-500 / ticket-166
+		response.setHeader("X-Frame-Options", "SAMEORIGIN");
 	}
 
 	/**

--
Gitblit v1.9.1