Fix support for "allow-from X" in "x_frame_options" config option (#6449)

6 years ago · 4f683c26e1
parent 4303c59467
commit 4f683c26e1
1 changed files with 1 additions and 1 deletions
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@ -529,7 +529,7 @@ EOF;
        // allow (legal) iframe content to be loaded
        $iframe = $this->framed || $this->env['framed'];
        if (!headers_sent() && $iframe && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) {
-            if (strtolower($xopt) != 'sameorigin') {
+            if (strtolower($xopt) === 'deny') {
                header('X-Frame-Options: sameorigin', true);
            }
        }