composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-19 15:22:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°3416 XFrame-Options header is now set using a config parameter, defaults to SAMEORIGIN

Browse Source 
Also adds an indirection (\WebPage::add_xframe_options) to set header
This commit is contained in:
Pierre Goiffon
2020-12-02 16:47:28 +01:00
parent 1cf1473d6b
commit 8bfcb14d0c
12 changed files with 58 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php
View File

@@ -4,20 +4,20 @@ class HubConnectorPage extends NiceWebPage
{
public function __construct($sTitle)
{
parent::__construct($sTitle);
parent::__construct($sTitle);
$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
$this->add_header('Pragma: no-cache');
$this->add_header('Expires: 0');
$this->add_header('X-Frame-Options: deny');
$this->add_xframe_options();
$sImagesDir = utils::GetAbsoluteUrlAppRoot().'images';
$sModuleImagesDir = utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/images';
$sUserPrefs = appUserPreferences::GetAsJSON();
$this->add_linked_script(utils::GetAbsoluteUrlAppRoot().'js/utils.js');
$this->add_script(
<<<EOF
$sImagesDir = utils::GetAbsoluteUrlAppRoot().'images';
$sModuleImagesDir = utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/images';
$sUserPrefs = appUserPreferences::GetAsJSON();
$this->add_linked_script(utils::GetAbsoluteUrlAppRoot().'js/utils.js');
$this->add_script(
<<<EOF
var oUserPreferences = $sUserPrefs;
EOF
);