banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix support for "allow-from X" in "x_frame_options" config option (#6449)

Browse Source
pull/6465/head
Fedor A. Fetisov 6 years ago committed by Aleksander Machniak
parent 4303c59467
commit 4f683c26e1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
program/include/rcmail_output_html.php
Unescape Escape View File

@ -529,7 +529,7 @@ EOF;
// allow (legal) iframe content to be loaded // allow (legal) iframe content to be loaded
$iframe = $this->framed || $this->env['framed']; $iframe = $this->framed || $this->env['framed'];
if (!headers_sent() && $iframe && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) { if (!headers_sent() && $iframe && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) {
if (strtolower($xopt) != 'sameorigin') { if (strtolower($xopt) === 'deny') {
header('X-Frame-Options: sameorigin', true); header('X-Frame-Options: sameorigin', true);
} }
} }

Write Preview
Loading…
Cancel
Save