diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-04-24 08:02:12 -0700 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-04-24 08:02:12 -0700 |
| commit | a34350c803efd98094c05473f1c45b6792a9ceeb (patch) | |
| tree | d4fa918c0a73c8552909f264797d8eb0e3b89728 /lib/template.php | |
| parent | 4660f194ea3e17dec38b0664c889dcfaeb694f7e (diff) | |
| parent | 03aa86d8a6e6631547b72f0f01a2394784900db2 (diff) | |
| download | nextcloud-server-a34350c803efd98094c05473f1c45b6792a9ceeb.tar.gz nextcloud-server-a34350c803efd98094c05473f1c45b6792a9ceeb.zip | |
Merge pull request #3106 from IMM0rtalis/xframe_restriction_config
- xframe restriction configurable now
Diffstat (limited to 'lib/template.php')
| -rw-r--r-- | lib/template.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php index f007618ff19..ad875359d7f 100644 --- a/lib/template.php +++ b/lib/template.php @@ -186,10 +186,15 @@ class OC_Template{ $this->l10n = OC_L10N::get($parts[0]); // Some headers to enhance security - header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE + // iFrame Restriction Policy + $xFramePolicy = OC_Config::getValue('xframe_restriction', true); + if($xFramePolicy) { + header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains + } + // Content Security Policy // If you change the standard policy, please also change it in config.sample.php $policy = OC_Config::getValue('custom_csp_policy', |