On Wed, Oct 19, 2011 at 8:05 PM, Andreas Dick <[email protected]> wrote: > Am Mittwoch, 19. Oktober 2011, um 08.15:49 schrieb A.L.E.C: > > On 18.10.2011 22:17, Andreas Dick wrote: > > > security error: content at http://realserver.ch/roundcube/ is not > allowed > > > to load data from von http://niceurl.ch/ > > > > // X-Frame-Options HTTP header value sent to prevent from Clickjacking. > > // Possible values: sameorigin|deny. Set to false in order to disable > > sending them > > $rcmail_config['x_frame_options'] = 'sameorigin'; > thanks ALEC! > this was the problem... I did not understand this feature, now I do :-) > Andreas > > Just adding my two cents here:
We need to figure out more ways to effectively prevent clickjacking. Is running RoundCube in a frame a huge feature for you guys? Because it opens the gates for all kinds of abuse. Till
_______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
