diff options
Diffstat (limited to 'includes/DefaultSettings.php')
| -rw-r--r-- | includes/DefaultSettings.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 1034ea2e..acd89bde 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration; /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.19.1'; +$wgVersion = '1.19.2'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; @@ -2420,6 +2420,18 @@ $wgBreakFrames = false; $wgEditPageFrameOptions = 'DENY'; /** + * Disallow framing of API pages directly, by setting the X-Frame-Options + * header. Since the API returns CSRF tokens, allowing the results to be + * framed can compromise your user's account security. + * Options are: + * - 'DENY': Do not allow framing. This is recommended for most wikis. + * - 'SAMEORIGIN': Allow framing by pages on the same domain. + * - false: Allow all framing. + */ + +$wgApiFrameOptions = 'DENY'; + +/** * Disable output compression (enabled by default if zlib is available) */ $wgDisableOutputCompression = false; |