N°3416 XFrame-Options header is now set using a config parameter, defaults to SAMEORIGIN

Also adds an indirection (\WebPage::add_xframe_options) to set header
2026-04-22 18:18:46 +02:00 · 2020-12-02 16:47:28 +01:00
parent 1cf1473d6b
commit 8bfcb14d0c
12 changed files with 58 additions and 35 deletions
--- a/application/ajaxwebpage.class.inc.php
+++ b/application/ajaxwebpage.class.inc.php
@@ -44,7 +44,7 @@ class ajax_page extends WebPage implements iTabbedPage
 		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
 		$this->add_header('Pragma: no-cache');
 		$this->add_header('Expires: 0');
-		$this->add_header('X-Frame-Options: deny');
+		$this->add_xframe_options();
 		$this->m_oTabs = new TabManager();
 		$this->sContentType = 'text/html';
 		$this->sContentDisposition = 'inline';