summaryrefslogtreecommitdiff
path: root/includes/DefaultSettings.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/DefaultSettings.php')
-rw-r--r--includes/DefaultSettings.php14
1 files changed, 13 insertions, 1 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 1034ea2e..acd89bde 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
/** @endcond */
/** MediaWiki version number */
-$wgVersion = '1.19.1';
+$wgVersion = '1.19.2';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
@@ -2420,6 +2420,18 @@ $wgBreakFrames = false;
$wgEditPageFrameOptions = 'DENY';
/**
+ * Disallow framing of API pages directly, by setting the X-Frame-Options
+ * header. Since the API returns CSRF tokens, allowing the results to be
+ * framed can compromise your user's account security.
+ * Options are:
+ * - 'DENY': Do not allow framing. This is recommended for most wikis.
+ * - 'SAMEORIGIN': Allow framing by pages on the same domain.
+ * - false: Allow all framing.
+ */
+
+$wgApiFrameOptions = 'DENY';
+
+/**
* Disable output compression (enabled by default if zlib is available)
*/
$wgDisableOutputCompression = false;