diff options
| author | Joas Schilling <coding@schilljs.com> | 2017-04-12 12:37:32 +0200 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2017-04-12 12:37:32 +0200 |
| commit | bd37021587fcb8e56d3cf984cad6f1193ad64cdb (patch) | |
| tree | 952a88691f515265315f8afceaf6ec119f328aa9 | |
| parent | af42ca20252b166bec2da34970137ec790a18328 (diff) | |
| download | nextcloud-server-bd37021587fcb8e56d3cf984cad6f1193ad64cdb.tar.gz nextcloud-server-bd37021587fcb8e56d3cf984cad6f1193ad64cdb.zip | |
Fix casing of same origin frame option
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | build/integration/features/carddav.feature | 4 | ||||
| -rw-r--r-- | build/integration/features/dav-v2.feature | 2 | ||||
| -rw-r--r-- | build/integration/features/webdav-related.feature | 2 | ||||
| -rw-r--r-- | lib/private/legacy/response.php | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/build/integration/features/carddav.feature b/build/integration/features/carddav.feature index 9432130066e..57fd8cd7da4 100644 --- a/build/integration/features/carddav.feature +++ b/build/integration/features/carddav.feature @@ -45,7 +45,7 @@ Feature: carddav |Content-Security-Policy|default-src 'none';| |X-Content-Type-Options |nosniff| |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| + |X-Frame-Options|SAMEORIGIN| |X-Permitted-Cross-Domain-Policies|none| |X-Robots-Tag|none| |X-XSS-Protection|1; mode=block| @@ -60,7 +60,7 @@ Feature: carddav |Content-Security-Policy|default-src 'none';| |X-Content-Type-Options |nosniff| |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| + |X-Frame-Options|SAMEORIGIN| |X-Permitted-Cross-Domain-Policies|none| |X-Robots-Tag|none| |X-XSS-Protection|1; mode=block| diff --git a/build/integration/features/dav-v2.feature b/build/integration/features/dav-v2.feature index 3e85dc749d0..ad24c9b5931 100644 --- a/build/integration/features/dav-v2.feature +++ b/build/integration/features/dav-v2.feature @@ -26,7 +26,7 @@ Feature: dav-v2 |Content-Security-Policy|default-src 'none';| |X-Content-Type-Options |nosniff| |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| + |X-Frame-Options|SAMEORIGIN| |X-Permitted-Cross-Domain-Policies|none| |X-Robots-Tag|none| |X-XSS-Protection|1; mode=block| diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature index 775bf2ca882..6aee59036d3 100644 --- a/build/integration/features/webdav-related.feature +++ b/build/integration/features/webdav-related.feature @@ -243,7 +243,7 @@ Feature: webdav-related |Content-Security-Policy|default-src 'none';| |X-Content-Type-Options |nosniff| |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| + |X-Frame-Options|SAMEORIGIN| |X-Permitted-Cross-Domain-Policies|none| |X-Robots-Tag|none| |X-XSS-Protection|1; mode=block| diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php index 115eb5baa68..fa73f3d6d0d 100644 --- a/lib/private/legacy/response.php +++ b/lib/private/legacy/response.php @@ -257,7 +257,7 @@ class OC_Response { . 'object-src \'none\'; ' . 'base-uri \'self\'; '; header('Content-Security-Policy:' . $policy); - header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains + header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains // Send fallback headers for installations that don't have the possibility to send // custom headers on the webserver side |