- xframe restriction configurable now

author: Florian Scholz <FlorianScholz@bgstyle.de> 2013-04-24 14:45:40 +0200
committer: Florian Scholz <FlorianScholz@bgstyle.de> 2013-04-24 14:45:40 +0200
commit: 03aa86d8a6e6631547b72f0f01a2394784900db2 (patch)
tree: 4632a1b473d0ecf5fbc8de720c560bf36d715e7a /lib/template.php
parent: b1c9b296e809f1a1ebc1283013138f4f5cfc0141 (diff)
download: nextcloud-server-03aa86d8a6e6631547b72f0f01a2394784900db2.tar.gz
nextcloud-server-03aa86d8a6e6631547b72f0f01a2394784900db2.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php
index 434c1e9e990..dd5542e099a 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -186,10 +186,15 @@ class OC_Template{
 		$this->l10n = OC_L10N::get($parts[0]);
 
 		// Some headers to enhance security
-		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
 		header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
 		header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
 
+		// iFrame Restriction Policy
+		$xFramePolicy = OC_Config::getValue('xframe_restriction', true);
+		if($xFramePolicy) {
+			header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
+		}
+		
 		// Content Security Policy
 		// If you change the standard policy, please also change it in config.sample.php
 		$policy = OC_Config::getValue('custom_csp_policy',
author	Florian Scholz <FlorianScholz@bgstyle.de>	2013-04-24 14:45:40 +0200
committer	Florian Scholz <FlorianScholz@bgstyle.de>	2013-04-24 14:45:40 +0200
commit	03aa86d8a6e6631547b72f0f01a2394784900db2 (patch)
tree	4632a1b473d0ecf5fbc8de720c560bf36d715e7a /lib/template.php
parent	b1c9b296e809f1a1ebc1283013138f4f5cfc0141 (diff)
download	nextcloud-server-03aa86d8a6e6631547b72f0f01a2394784900db2.tar.gz nextcloud-server-03aa86d8a6e6631547b72f0f01a2394784900db2.zip