Ghost/core/server/web
Kevin Ansfield f88adb9180
Added x-frame-options header to /ghost/ route (#10760)
no issue
- by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking
- the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file

Credits: Muhammad Fawwad Obaida
2019-05-28 09:04:48 +01:00
..
admin Added x-frame-options header to /ghost/ route (#10760) 2019-05-28 09:04:48 +01:00
api Added Admin API for deleting members (#10673) 2019-04-13 10:38:56 +05:30
shared Exported raw middleware from serve-public-file 2019-04-24 12:46:00 +02:00
site replace deprecated del() with delete() call 2019-04-29 09:09:55 +02:00
index.js
parent-app.js Removed lib/members in favour of packages (#10739) 2019-05-08 14:08:25 +02:00