?
avatar Joey3000
Joey3000
22 Aug 2014

Steps to reproduce the issue

  1. Open the Joomla back-end log-in page (www.example.com/administrator/)
  2. Using browser tools (e.g. the Firefox web console), check headers received with server response to GET www.example.com/administrator/

Expected result

  1. "X-Frame-Options: SAMEORIGIN" is received

Actual result

  1. "X-Frames-Options: SAME-ORIGIN" is received

System information (as much as possible)

PHP 5.3.6 on Apache on Linux

Additional comments

What should be server header "X-Frame-Options: SAMEORIGIN" is sent as "X-Frames-Options: SAME-ORIGIN" on Joomla 2.5.24. (I.e. both, header name AND its value are misspelled.)

Note: This was fixed on "master" with http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=30790, but not on Joomla 2.5.x.

avatar Joey3000 Joey3000 - open - 22 Aug 2014
avatar Joey3000 Joey3000 - reference | - 22 Aug 14
avatar Joey3000
Joey3000 - comment - 22 Aug 2014

PR created, work completed.

avatar Joey3000 Joey3000 - change - 23 Aug 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-08-23 01:51:06
avatar Joey3000 Joey3000 - close - 23 Aug 2014
avatar zero-24 zero-24 - close - 23 Aug 2014
avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment