Comment on GPUs from all major suppliers are vulnerable to new pixel-stealing attack
redcalcium@lemmy.institute 1 year ago
A big chunk of new websites deployed today have x-frame-options set to sameorigin because modern web framework these days typically have sensible default configuration. Now, if only WordPress also have this header in their default installation, most newly deployed websites will be covered, but alas…
jsnfwlr@lemmy.world 1 year ago
x-frame-optionsis a HTTP header - a frontend framework isn’t able to set that. Back end frameworks can, and probably should - or at least give you the option to with a default enabled value.While WordPress could be configured to set it, it probably shouldn’t do it in the PHP - the installation guides should be telling you how to do it in Apache HTTPD or Nginx, with a fallback to doing it in PHP if changing the server config isn’t available.