From d6b70ab47bc5be26a9671dfd3a0a3dd9fa044eb4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 20 Oct 2014 16:17:39 -0400
Subject: [PATCH] Prepare 1.6.1 release

---
 src/main/java/com/gitblit/wicket/pages/BasePage.java |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/BasePage.java b/src/main/java/com/gitblit/wicket/pages/BasePage.java
index 4971039..b696700 100644
--- a/src/main/java/com/gitblit/wicket/pages/BasePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/BasePage.java
@@ -45,6 +45,7 @@
 import org.apache.wicket.protocol.http.RequestUtils;
 import org.apache.wicket.protocol.http.WebResponse;
 import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
+import org.apache.wicket.request.target.basic.RedirectRequestTarget;
 import org.apache.wicket.util.time.Duration;
 import org.apache.wicket.util.time.Time;
 import org.slf4j.Logger;
@@ -112,6 +113,15 @@
 		return canonicalUrl;
 	}
 
+	protected void redirectTo(Class<? extends BasePage> pageClass) {
+		redirectTo(pageClass, null);
+	}
+
+	protected void redirectTo(Class<? extends BasePage> pageClass, PageParameters parameters) {
+		String absoluteUrl = getCanonicalUrl(pageClass, parameters);
+		getRequestCycle().setRequestTarget(new RedirectRequestTarget(absoluteUrl));
+	}
+
 	protected String getLanguageCode() {
 		return GitBlitWebSession.get().getLocale().getLanguage();
 	}
@@ -166,6 +176,9 @@
 			// use default Wicket caching behavior
 			super.setHeaders(response);
 		}
+
+		// XRF vulnerability. issue-500 / ticket-166
+		response.setHeader("X-Frame-Options", "SAMEORIGIN");
 	}
 
 	/**
@@ -492,4 +505,5 @@
 		}
 		return sb.toString();
 	}
+
 }

--
Gitblit v1.9.1