N°3416 XFrame-Options header is now set using a config parameter, defaults to SAMEORIGIN

Also adds an indirection (\WebPage::add_xframe_options) to set the header
This commit is contained in:
Pierre Goiffon
2020-12-02 16:47:28 +01:00
parent 1cf1473d6b
commit 8bfcb14d0c
12 changed files with 58 additions and 35 deletions


@@ -44,7 +44,7 @@ function ReportErrorAndExit($sErrorMessage)
else
{
$oP = new WebPage("iTop - Export");
$oP->add_header('X-Frame-Options: deny');
$oP->add_xframe_options();
$oP->p('ERROR: '.$sErrorMessage);
$oP->output();
exit(-1);
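Review bot: Swapping the hard-coded `X-Frame-Options: deny` for `$oP->add_xframe_options()` relaxes the effective framing policy of this error page from deny to whatever the configuration holds, which according to the commit message defaults to SAMEORIGIN, so same-origin framing of export output becomes possible where it was previously refused; the same applies to the ReportErrorAndUsage hunk, the two export branches in the try block and the catch (Exception) block below. The helper's implementation is outside this file section, so I cannot tell whether it validates the configured value against the tokens the header actually accepts or whether a caller can still request the stricter value for a given page. If the relaxation is intended, a short comment at the call site would make it explicit, e.g. `// Framing policy now comes from configuration (default SAMEORIGIN); was hard-coded to deny`. The enclosing function ReportErrorAndExit begins outside the hunk.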
@@ -61,10 +61,9 @@ function ReportErrorAndUsage($sErrorMessage)
$oP->output();
exit(-1);
}
else
{
else {
$oP = new WebPage("iTop - Export");
$oP->add_header('X-Frame-Options: deny');
$oP->add_xframe_options();
$oP->p('ERROR: '.$sErrorMessage);
Usage($oP);
$oP->output();
@@ -728,19 +727,17 @@ try
if ($sMimeType == 'text/html')
{
// Note: Using NiceWebPage only for HTML export as it includes JS scripts & files, which makes no sense in other export formats. More over, it breaks Excel spreadsheet import.
if($oExporter instanceof HTMLBulkExport)
{
if($oExporter instanceof HTMLBulkExport) {
$oP = new NiceWebPage('iTop export');
$oP->add_header('X-Frame-Options: deny');
$oP->add_xframe_options();
$oP->add_ready_script("$('table.listResults').tablesorter({widgets: ['MyZebra']});");
$oP->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/font-awesome/css/all.min.css');
$oP->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/font-awesome/css/v4-shims.min.css');
}
else
{
else {
$oP = new WebPage('iTop export');
$oP->add_header('X-Frame-Options: deny');
$oP->add_style("table br { mso-data-placement:same-cell; }"); // Trick for Excel: keep line breaks inside the same cell !
$oP->add_xframe_options();
$oP->add_style("table br { mso-data-placement:same-cell; }"); // Trick for Excel: keep line breaks inside the same cell !
}
$oP->add_style("body { overflow: auto; }");
}
@@ -760,10 +757,9 @@ catch (BulkExportMissingParameterException $e)
Usage($oP);
$oP->output();
}
catch (Exception $e)
{
catch (Exception $e) {
$oP = new WebPage('iTop Export');
$oP->add_header('X-Frame-Options: deny');
$oP->add_xframe_options();
$oP->add('Error: '.$e->getMessage());
IssueLog::Error($e->getMessage()."\n".$e->getTraceAsString());
$oP->output();