Changeset 3526:4659a409fa68 for inc

Timestamp:

02/06/17 16:44:11 (8 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Allow 3rd party additional headers and extend arg of urlHandlerServeDocument in order to cope with

File:

• inc/public/lib.urlhandlers.php (modified) (2 diffs)

inc/public/lib.urlhandlers.php

@@ -110 +110 @@
 
           header('Content-Type: '.$_ctx->content_type.'; charset=UTF-8');
+
+          // Additional headers
+          $headers = new ArrayObject;
           if ($core->blog->settings->system->prevents_clickjacking) {
                if ($_ctx->exists('xframeoption')) {
                     $url = parse_url($_ctx->xframeoption);
-                    header(sprintf('X-Frame-Options: %s', is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
+                    $header = sprintf('X-Frame-Options: %s',
+                         is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN');
                } else {
                     // Prevents Clickjacking as far as possible
-                    header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
-               }
+                    $header = 'X-Frame-Options: SAMEORIGIN'; // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
+               }
+               $headers[] = $header;
+          }
+          # --BEHAVIOR-- urlHandlerServeDocumentHeaders
+          $core->callBehavior('urlHandlerServeDocumentHeaders',$headers);
+
+          // Send additional headers if any
+          foreach ($headers as $header) {
+               header($header);
           }
 
@@ -124 +136 @@
           $result['tpl'] = $_ctx->current_tpl;
           $result['blogupddt'] = $core->blog->upddt;
+          $result['headers'] = $headers;
 
           # --BEHAVIOR-- urlHandlerServeDocument