Dotclear

Changeset 3490:70d5dbada713 for inc


Ignore:
Timestamp:
01/02/17 17:02:35 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Fix x-frame-options URL (specially on localhost)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • inc/admin/lib.dc.page.php

    r3460 r3490  
    11011101               return; 
    11021102          } 
     1103 
    11031104          if ($origin !== null) { 
    11041105               $url = parse_url($origin); 
    1105                $headers['x-frame-options'] = sprintf('X-Frame-Options: %s',is_array($url) ? 
     1106               $headers['x-frame-options'] = sprintf('X-Frame-Options: %s',is_array($url) && isset($url['host']) ? 
    11061107                    ("ALLOW-FROM ".(isset($url['scheme']) ? $url['scheme'].':' : '' ).'//'.$url['host']) : 
    11071108                    'SAMEORIGIN'); 
Note: See TracChangeset for help on using the changeset viewer.

Sites map