mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 07:24:13 +01:00
Merge remote-tracking branch 'origin/support/3.0' into support/3.1
# Conflicts: # pages/ajax.render.php
This commit is contained in:
Pierre Goiffon
@@ -687,7 +687,7 @@ abstract class Controller extends AbstractController
|
||||
{
|
||||
case self::ENUM_PAGE_TYPE_HTML:
|
||||
$this->m_oPage = new iTopWebPage($this->GetOperationTitle(), false);
|
||||
$this->m_oPage->add_xframe_options();
|
||||
$this->m_oPage->add_http_headers();
|
||||
|
||||
if ($this->m_bIsBreadCrumbEnabled) {
|
||||
if (count($this->m_aBreadCrumbEntry) > 0) {
|
||||
|
||||
@@ -46,7 +46,7 @@ class AjaxPage extends WebPage implements iTabbedPage
|
||||
parent::__construct($s_title, $bPrintable);
|
||||
//$this->add_header("Content-type: text/html; charset=utf-8");
|
||||
$this->no_cache();
|
||||
$this->add_xframe_options();
|
||||
$this->add_http_headers();
|
||||
$this->m_oTabs = new TabManager();
|
||||
$this->sContentType = 'text/html';
|
||||
$this->sContentDisposition = 'inline';
|
||||
|
||||
@@ -34,7 +34,7 @@ class CSVPage extends WebPage
|
||||
parent::__construct($s_title);
|
||||
$this->add_header("Content-type: text/plain; charset=".self::PAGES_CHARSET);
|
||||
$this->no_cache();
|
||||
$this->add_xframe_options();
|
||||
$this->add_http_headers();
|
||||
//$this->add_header("Content-Transfer-Encoding: binary");
|
||||
$oKpi->ComputeStats(get_class($this).' creation', 'CSVPage');
|
||||
}
|
||||
|
||||
@@ -1002,12 +1002,25 @@ JS;
|
||||
$this->a_headers[] = $s_header;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string|null $sXFrameOptionsHeaderValue passed to {@see add_xframe_options}
|
||||
*
|
||||
* @return void
|
||||
* @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation, replace {@see add_xframe_options} consumers call
|
||||
*/
|
||||
public function add_http_headers($sXFrameOptionsHeaderValue = null)
|
||||
{
|
||||
$this->add_xframe_options($sXFrameOptionsHeaderValue);
|
||||
$this->add_xcontent_type_options();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string|null $sHeaderValue for example `SAMESITE`. If null will set the header using the config parameter value.
|
||||
*
|
||||
* @since 2.7.3 3.0.0 N°3416
|
||||
* @uses security_header_xframe config parameter
|
||||
* @uses \utils::GetConfig()
|
||||
*
|
||||
* @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
||||
*/
|
||||
public function add_xframe_options($sHeaderValue = null)
|
||||
@@ -1019,6 +1032,17 @@ JS;
|
||||
$this->add_header('X-Frame-Options: '.$sHeaderValue);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return void
|
||||
* @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation
|
||||
*
|
||||
* @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
||||
*/
|
||||
public function add_xcontent_type_options()
|
||||
{
|
||||
$this->add_header('X-Content-Type-Options: nosniff');
|
||||
}
|
||||
|
||||
/**
|
||||
* Add needed headers to the page so that it will no be cached
|
||||
*/
|
||||
|
||||
@@ -44,7 +44,7 @@ class XMLPage extends WebPage
|
||||
$this->m_bHeaderSent = false;
|
||||
$this->add_header("Content-type: text/xml; charset=".self::PAGES_CHARSET);
|
||||
$this->no_cache();
|
||||
$this->add_xframe_options();
|
||||
$this->add_http_headers();
|
||||
$this->add_header("Content-location: export.xml");
|
||||
$oKpi->ComputeStats(get_class($this).' creation', 'XMLPage');
|
||||
}
|
||||
|
||||
@@ -137,7 +137,7 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage
|
||||
$this->SetRootUrl(utils::GetAbsoluteUrlAppRoot());
|
||||
$this->add_header("Content-type: text/html; charset=".self::PAGES_CHARSET);
|
||||
$this->no_cache();
|
||||
$this->add_xframe_options();
|
||||
$this->add_http_headers();
|
||||
$this->PrepareLayout();
|
||||
if ($this->IsPrintableVersion()) {
|
||||
$oPrintHeader = $this->OutputPrintable();
|
||||
|
||||
Reference in New Issue
Block a user