X-FRAME-OPTIONSを送信するようにした

author konekoneko <jbh03215@hotmail.co.jp>

Mon, 19 Nov 2012 16:30:56 +0000 (01:30 +0900)

committer konekoneko <jbh03215@hotmail.co.jp>

Mon, 19 Nov 2012 16:30:56 +0000 (01:30 +0900)
author konekoneko <jbh03215@hotmail.co.jp>
Mon, 19 Nov 2012 16:30:56 +0000 (01:30 +0900)
committer konekoneko <jbh03215@hotmail.co.jp>
Mon, 19 Nov 2012 16:30:56 +0000 (01:30 +0900)
diff --git a/chat.js b/chat.js

index 4fb80fd..c8f84e7 100644 (file)
--- a/chat.js
+++ b/chat.js
@@ -100,6 +100,7 @@ function admin_proc(req,res)
         var iplist = ipbanlist.GetText();\r
  \r
         fs.readdir($log_directory,function(err,list){\r
+               res.setHeader("X-FRAME-OPTIONS","DENY");\r
                 res.render("admin", {\r
                         files: list,\r
                         log_directory:$log_directory,\r
diff --git a/profile.js b/profile.js

index 34636c1..3022f06 100644 (file)
--- a/profile.js
+++ b/profile.js
@@ -32,6 +32,7 @@ function admin_proc(req, res)
                         RenderMessage(res,err,info);\r
                 else{\r
                         result.token = info.token;\r
+                       res.setHeader("X-FRAME-OPTIONS","DENY");\r
                         res.render("profile/admin",result);\r
                 }\r
         });\r
@@ -130,6 +131,7 @@ function detail_proc(req, res)
                 else if(result.length == 0)\r
                         RenderMessage(res,resource.notfound_name,req.session.items);\r
                 else{\r
+                       res.setHeader("X-FRAME-OPTIONS","DENY");\r
                         res.render("profile/detail",{list:result,token:req.session.items.token,admin:req.session.items.admin});\r
                 }\r
         });\r
@@ -181,6 +183,7 @@ function detail_postproc(req, res)
                         if(err != null){\r
                                 RenderMessage(res,err,req.session.items);\r
                         }else if(result != null){\r
+                               res.setHeader("X-FRAME-OPTIONS","DENY");\r
                                 res.render("profile/edit",{list:result,token:req.body.token});\r
                         }else{\r
                                 RenderMessage(res,resource.unmatch_password,req.session.items);\r
@@ -244,6 +247,7 @@ function registor_proc(req, res)
         if(typeof(req.session.items) == "undefined")\r
                 req.session.items = new security.SessionInfomation(false);\r
  \r
+       res.setHeader("X-FRAME-OPTIONS","DENY");\r
         res.render("profile/registor",{token:req.session.items.token});\r
  }\r
  \r
author	konekoneko <jbh03215@hotmail.co.jp>
	Mon, 19 Nov 2012 16:30:56 +0000 (01:30 +0900)
committer	konekoneko <jbh03215@hotmail.co.jp>
	Mon, 19 Nov 2012 16:30:56 +0000 (01:30 +0900)
chat.js		patch \| blob \| history
profile.js		patch \| blob \| history