Fix support for "allow-from X" in "x_frame_options" config option (#6449)

pull/6465/head
Fedor A. Fetisov 6 years ago committed by Aleksander Machniak
parent 4303c59467
commit 4f683c26e1

@ -529,7 +529,7 @@ EOF;
// allow (legal) iframe content to be loaded
$iframe = $this->framed || $this->env['framed'];
if (!headers_sent() && $iframe && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) {
if (strtolower($xopt) != 'sameorigin') {
if (strtolower($xopt) === 'deny') {
header('X-Frame-Options: sameorigin', true);
}
}

Loading…
Cancel
Save