composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-12 23:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°4368 add sending X-Content-Type-Options HTTP header

Browse Source 
Replace in consumers the \WebPage::add_xframe_options call by \WebPage::add_http_headers
This commit is contained in:
Pierre Goiffon
2023-12-14 10:04:08 +01:00
parent d5449cca42
commit 9865bf0779
13 changed files with 42 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pages/ajax.render.php
View File

@@ -1036,7 +1036,7 @@ try
// X-Frame http header : set in page constructor, but we need to allow frame integration for this specific page
// so we're resetting its value ! (see N°3416)
$oPage->add_xframe_options('');
$oPage->add_http_headers('');
// N°4129 - Prevent XSS attacks & other script executions
if (utils::GetConfig()->Get('security.disable_inline_documents_sandbox') === false) {