diff --git a/application/ajaxwebpage.class.inc.php b/application/ajaxwebpage.class.inc.php
index ce991285f..12f47ffa3 100644
--- a/application/ajaxwebpage.class.inc.php
+++ b/application/ajaxwebpage.class.inc.php
@@ -24,33 +24,34 @@ class ajax_page extends WebPage implements iTabbedPage
 /**
 * Jquery style ready script
 * @var array
- */
+ */
 protected $m_sReadyScript;
 protected $m_oTabs;
 private $m_sMenu; // If set, then the menu will be updated
-
- /**
- * constructor for the web page
- * @param string $s_title Not used
- */
- function __construct($s_title)
- {
+
+ /**
+ * constructor for the web page
+ *
+ * @param string $s_title Not used
+ */
+ function __construct($s_title) {
 $sPrintable = utils::ReadParam('printable', '0');
 $bPrintable = ($sPrintable == '1');
- parent::__construct($s_title, $bPrintable);
- $this->m_sReadyScript = "";
+ parent::__construct($s_title, $bPrintable);
+ $this->m_sReadyScript = "";
 //$this->add_header("Content-type: text/html; charset=utf-8");
 $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
- $this->add_header('Pragma: no-cache');
- $this->add_header('Expires: 0');
+ $this->add_header('Pragma: no-cache');
+ $this->add_header('Expires: 0');
+ $this->add_header('X-Frame-Options: deny');
 $this->m_oTabs = new TabManager();
 $this->sContentType = 'text/html';
 $this->sContentDisposition = 'inline';
 $this->m_sMenu = "";
 utils::InitArchiveMode();
- }
+ }
 /**
 * @inheritDoc
diff --git a/application/csvpage.class.inc.php b/application/csvpage.class.inc.php
index 0924cc38b..f6a4639bd 100644
--- a/application/csvpage.class.inc.php
+++ b/application/csvpage.class.inc.php
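Review bot: In application/ajaxwebpage.class.inc.php the new `$this->add_header('X-Frame-Options: deny');` is a hand-copied line in the `ajax_page` constructor, and the same line recurs in the csvpage, itopwebpage, loginwebpage, webpage and xmlpage hunks. With six copies, any page class that assembles its headers without passing through one of these spots would presumably be served without framing protection, and nothing in the diff enforces that new page classes add it. Emitting the header from a single place in the base `WebPage` class, which every class touched here appears to descend from, would make the protection the default instead of something each subclass must remember. The hunk also mixes whitespace-only re-indentation with the one functional line, which makes the security-relevant change easy to overlook; a separate formatting commit would keep it visible.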
@@ -29,15 +29,15 @@ require_once(APPROOT."/application/webpage.class.inc.php");
 class CSVPage extends WebPage
 {
- function __construct($s_title)
- {
- parent::__construct($s_title);
- $this->add_header("Content-type: text/plain; charset=".self::PAGES_CHARSET);
- $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
- $this->add_header('Pragma: no-cache');
- $this->add_header('Expires: 0');
+ function __construct($s_title) {
+ parent::__construct($s_title);
+ $this->add_header("Content-type: text/plain; charset=".self::PAGES_CHARSET);
+ $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+ $this->add_header('Pragma: no-cache');
+ $this->add_header('Expires: 0');
+ $this->add_header('X-Frame-Options: deny');
 //$this->add_header("Content-Transfer-Encoding: binary");
- }
+ }
 public function output()
 {
diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php
index 030b0cbbb..2e9a86275 100644
--- a/application/itopwebpage.class.inc.php
+++ b/application/itopwebpage.class.inc.php
@@ -74,6 +74,7 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage
 $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
 $this->add_header('Pragma: no-cache');
 $this->add_header('Expires: 0');
+ $this->add_header('X-Frame-Options: deny');
 $this->add_linked_stylesheet("../css/jquery.treeview.css");
 $this->add_linked_stylesheet("../css/jquery.autocomplete.css");
 $this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css");
diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php
index 8294a153e..07a2fd69d 100644
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
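Review bot: In the `CSVPage` constructor (application/csvpage.class.inc.php) the response is declared as `text/plain`, yet nothing visible in the hunk tells the browser to honour that type, so the export is hardened against framing but not against content sniffing. Adding `$this->add_header('X-Content-Type-Options: nosniff');` next to the new line would close that gap for data that may contain user-supplied cell values. If the web server or a parent class already sends the header, that is not visible from this hunk and the suggestion can be dropped.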
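Review bot: The line added at new line 77 of application/itopwebpage.class.inc.php relies on `X-Frame-Options` alone, which the Content Security Policy specification has superseded with the `frame-ancestors` directive. Sending both keeps older browsers covered and gives current ones the standards-track control: `$this->add_header("Content-Security-Policy: frame-ancestors 'none'");`. If the application already emits a Content-Security-Policy elsewhere, the directive belongs in that policy rather than in a second header; the enclosing method starts above the hunk, so this cannot be checked from here.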
@@ -78,16 +78,16 @@ class LoginWebPage extends NiceWebPage
 public function __construct($sTitle = null)
 {
- if($sTitle === null)
- {
- $sTitle = Dict::S('UI:Login:Title');
- }
+ if ($sTitle === null) {
+ $sTitle = Dict::S('UI:Login:Title');
+ }
 parent::__construct($sTitle);
 $this->SetStyleSheet();
 $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
 $this->add_header('Pragma: no-cache');
 $this->add_header('Expires: 0');
+ $this->add_header('X-Frame-Options: deny');
 }
 public function SetStyleSheet()
diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php
index 0134a815f..344d91542 100644
--- a/application/webpage.class.inc.php
+++ b/application/webpage.class.inc.php
@@ -490,6 +490,7 @@ class WebPage implements Page
 $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
 $this->add_header('Pragma: no-cache');
 $this->add_header('Expires: 0');
+ $this->add_header('X-Frame-Options: deny');
 }
 /**
diff --git a/application/xmlpage.class.inc.php b/application/xmlpage.class.inc.php
index 3d81c5b49..3310f3772 100644
--- a/application/xmlpage.class.inc.php
+++ b/application/xmlpage.class.inc.php
@@ -46,8 +46,9 @@ class XMLPage extends WebPage
 $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
 $this->add_header('Pragma: no-cache');
 $this->add_header('Expires: 0');
+ $this->add_header('X-Frame-Options: deny');
 $this->add_header("Content-location: export.xml");
- }
+ }
 public function output()
 {
diff --git a/datamodels/2.x/combodo-db-tools/dbtools.php b/datamodels/2.x/combodo-db-tools/dbtools.php
index 23c581f5c..869c4d337 100644
--- a/datamodels/2.x/combodo-db-tools/dbtools.php
+++ b/datamodels/2.x/combodo-db-tools/dbtools.php
@@ -458,7 +458,6 @@ try
 $sPageId = 'db-tools';
 $oP = new iTopWebPage($sPageTitle);
- $this->m_oPage->add_header('X-Frame-Options: deny');
 $oP->add_saas('env-'.utils::GetCurrentEnvironment().'/combodo-db-tools/default.scss');
 $oP->add(
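Review bot: In application/webpage.class.inc.php the value `deny` also forbids framing by the application's own origin, and because this is the base `WebPage` class the choice reaches every caller of the enclosing method, whose signature is above the hunk. If any feature of the application loads one of its own pages in an iframe, that view will stop rendering, and `sameorigin` would be the narrower setting for that case; the diff does not show whether such a feature exists. Either way a short comment on the line, such as `// Clickjacking protection: no framing at all, same-origin included`, would record that the strictness is deliberate.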
diff --git a/datamodels/2.x/itop-backup/status.php b/datamodels/2.x/itop-backup/status.php
index d33615680..feeeb9b1b 100644
--- a/datamodels/2.x/itop-backup/status.php
+++ b/datamodels/2.x/itop-backup/status.php
@@ -37,7 +37,6 @@ try {
 $sTransactionId = utils::GetNewTransactionId();
 $oP = new iTopWebPage(Dict::S('bkp-status-title'));
- $oP->add_header('X-Frame-Options: deny');
 $oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/');
 $oP->add("