diff options
| author | Georg Ehrke <georgehrke@users.noreply.github.com> | 2017-03-27 15:05:22 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-27 15:05:22 +0200 |
| commit | fc044caab1813db961281cf0688867640edf7288 (patch) | |
| tree | 0879829c29eb6d38108ee208171b1c5917721957 /lib | |
| parent | f4c9e44403df01530c25585166f099043b79c211 (diff) | |
| parent | bff6c8aafc49a3260294c3244571e3a31fd09cca (diff) | |
| download | nextcloud-server-fc044caab1813db961281cf0688867640edf7288.tar.gz nextcloud-server-fc044caab1813db961281cf0688867640edf7288.zip | |
Merge pull request #4072 from nextcloud/move-x-frame-options-into-php
Move X-Frame-Options into PHP
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/legacy/response.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php index 69c84e2df68..8937b56a707 100644 --- a/lib/private/legacy/response.php +++ b/lib/private/legacy/response.php @@ -255,13 +255,13 @@ class OC_Response { . 'media-src *; ' . 'connect-src *'; header('Content-Security-Policy:' . $policy); + header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains // Send fallback headers for installations that don't have the possibility to send // custom headers on the webserver side if(getenv('modHeadersAvailable') !== 'true') { header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE - header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html |