diff options
| author | zeripath <art27@cantab.net> | 2021-08-06 21:47:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-06 16:47:10 -0400 |
| commit | afd88a2418efcef25058bf30df892471c3b68281 (patch) | |
| tree | 62564fe9b49acaee7d45f36240dfa149ed6d9f21 /routers | |
| parent | 067d82b5a6eb223ff6f6bfa1755e0a2c5bab1d3f (diff) | |
| download | gitea-afd88a2418efcef25058bf30df892471c3b68281.tar.gz gitea-afd88a2418efcef25058bf30df892471c3b68281.zip | |
Allow setting X-FRAME-OPTIONS (#16643)
* Allow setting X-FRAME-OPTIONS
This PR provides a mechanism to set the X-FRAME-OPTIONS header.
Fix #7951
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/install/routes.go | 2 | ||||
| -rw-r--r-- | routers/web/base.go | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/routers/install/routes.go b/routers/install/routes.go index 36130d4b3f..e9aca85d8e 100644 --- a/routers/install/routes.go +++ b/routers/install/routes.go @@ -61,7 +61,7 @@ func installRecovery() func(next http.Handler) http.Handler { "SignedUserName": "", } - w.Header().Set(`X-Frame-Options`, `SAMEORIGIN`) + w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions) if !setting.IsProd() { store["ErrorMsg"] = combinedErr diff --git a/routers/web/base.go b/routers/web/base.go index f079be51f0..9238ea2173 100644 --- a/routers/web/base.go +++ b/routers/web/base.go @@ -171,7 +171,7 @@ func Recovery() func(next http.Handler) http.Handler { store["SignedUserName"] = "" } - w.Header().Set(`X-Frame-Options`, `SAMEORIGIN`) + w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions) if !setting.IsProd() { store["ErrorMsg"] = combinedErr |