Add option to enable/disable iframe inclusion http header

Frederic Guillot
2015-03-21 18:25:35 -04:00
parent ed54d852db
commit bcb39ad4db
3 changed files with 7 additions and 1 deletions


@@ -153,7 +153,7 @@ abstract class Base
$this->response->xss(); $this->response->xss();
// Allow the public board iframe inclusion // Allow the public board iframe inclusion
if ($action !== 'readonly') { if (ENABLE_XFRAME && $action !== 'readonly') {
$this->response->xframe(); $this->response->xframe();
} }
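Review bot: With `ENABLE_XFRAME` set to false, the new condition `if (ENABLE_XFRAME && $action !== 'readonly')` skips `xframe()` for every action, so authenticated pages lose their framing restriction along with the public board and can be embedded by any site (clickjacking exposure). The comment above the condition still describes only the read-only exception; I would reword it to `// Send X-Frame-Options unless disabled in the config; the public board (readonly) is never restricted`. If the aim is embedding in one known parent site, a setting that names the allowed origin would be safer than an on/off switch, though whether `xframe()` can accept such a value is not visible here. The enclosing method starts and ends outside the hunk.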


@@ -68,6 +68,9 @@ defined('MAIL_SENDMAIL_COMMAND') or define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/s
// Enable or disable "Strict-Transport-Security" HTTP header // Enable or disable "Strict-Transport-Security" HTTP header
defined('ENABLE_HSTS') or define('ENABLE_HSTS', true); defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
// Enable or disable "X-Frame-Options: DENY" HTTP header
defined('ENABLE_XFRAME') or define('ENABLE_XFRAME', true);
// Default files directory // Default files directory
defined('FILES_DIR') or define('FILES_DIR', 'data/files/'); defined('FILES_DIR') or define('FILES_DIR', 'data/files/');


@@ -124,3 +124,6 @@ define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
// Enable or disable "Strict-Transport-Security" HTTP header // Enable or disable "Strict-Transport-Security" HTTP header
define('ENABLE_HSTS', true); define('ENABLE_HSTS', true);
// Enable or disable "X-Frame-Options: DENY" HTTP header
define('ENABLE_XFRAME', true);