From bb2d22d38555efde80536d0d8b15db4a262a5035 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 11 Sep 2014 09:35:45 -0400
Subject: [PATCH] Merged #175 "Repository url is now r"

---
 src/main/java/com/gitblit/wicket/pages/BasePage.java |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/BasePage.java b/src/main/java/com/gitblit/wicket/pages/BasePage.java
index 7d3d3a2..b454b7a 100644
--- a/src/main/java/com/gitblit/wicket/pages/BasePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/BasePage.java
@@ -98,6 +98,10 @@
 		}
 	}
 
+	protected String getContextUrl() {
+		return getRequest().getRelativePathPrefixToContextRoot();
+	}
+
 	protected String getCanonicalUrl() {
 		return getCanonicalUrl(getClass(), getPageParameters());
 	}
@@ -162,6 +166,9 @@
 			// use default Wicket caching behavior
 			super.setHeaders(response);
 		}
+
+		// XRF vulnerability. issue-500 / ticket-166
+		response.setHeader("X-Frame-Options", "SAMEORIGIN");
 	}
 
 	/**

--
Gitblit v1.9.1