Changeset 2915:c45489df2bde for inc/admin

Timestamp:

01/13/15 08:22:24 (11 years ago)

Author:

Dsls

Branch:

2.7

Tags:

2.7.3

Message:

Last tuning for x-frame-options (inc preview), see #2049

File:

inc/admin/lib.dc.page.php

r2909	r2915
930	930	if ($origin !== null) {
931	931	$url = parse_url($origin);
932		header(sprintf('X-Frame-Options: %s', is_array($url)?($url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
	932	header(sprintf('X-Frame-Options: %s', is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
933	933	} else {
934	934	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+

Note: See TracChangeset for help on using the changeset viewer.