Changeset 2915:c45489df2bde
- Timestamp:
- 01/13/15 08:22:24 (9 years ago)
- Branch:
- 2.7
- Tags:
- 2.7.3
- Location:
- inc
- Files:
-
- 2 edited
inc/admin/lib.dc.page.php
r2909 r2915 930 930 if ($origin !== null) { 931 931 $url = parse_url($origin); 932 header(sprintf('X-Frame-Options: %s', is_array($url)?( $url['scheme'].'://'.$url['host']):'SAMEORIGIN'));932 header(sprintf('X-Frame-Options: %s', is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN')); 933 933 } else { 934 934 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ -
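Review bot: The `is_array($url)` test on line 932 does not guarantee that `scheme` and `host` exist, because `parse_url()` also returns an array for a relative or scheme-less value; the header then becomes `ALLOW-FROM ://` with undefined-index notices, and a browser that cannot parse that value will probably ignore it instead of falling back to SAMEORIGIN. Tightening the condition to `is_array($url) && isset($url['scheme'], $url['host'])` keeps the SAMEORIGIN fallback for such input. A non-default port in `$origin` is also dropped, so the emitted origin may not match the page that does the framing. The same expression appears at line 115 of inc/public/lib.urlhandlers.php and needs the same guard; the enclosing function starts and ends outside this hunk.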
inc/public/lib.urlhandlers.php
r2797 r2915 111 111 header('Content-Type: '.$_ctx->content_type.'; charset=UTF-8'); 112 112 113 if ($core->blog->settings->system->prevents_clickjacking) { 113 if ($_ctx->exists('xframeoption')) { 114 $url = parse_url($_ctx->xframeoption); 115 header(sprintf('X-Frame-Options: %s', is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN')); 116 } elseif ($core->blog->settings->system->prevents_clickjacking) { 114 117 // Prevents Clickjacking as far as possible 115 118 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+ … … 535 538 { 536 539 $_ctx->preview = true; 540 if (defined ("DC_ADMIN_URL")) { 541 $_ctx->xframeoption=DC_ADMIN_URL; 542 } 537 543 self::post($post_url); 538 544 }
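Review bot: The `xframeoption` branch at lines 113–116 sends `ALLOW-FROM` in place of SAMEORIGIN on preview responses, and browsers that never implemented `ALLOW-FROM` treat the header as absent, so in those browsers a preview gets no framing restriction even when `prevents_clickjacking` is enabled. Sending a CSP header next to it covers them, for example `header('Content-Security-Policy: frame-ancestors '.$url['scheme'].'://'.$url['host']);`. The branch is also evaluated before the `prevents_clickjacking` test, so it applies whenever `DC_ADMIN_URL` is defined in a preview (lines 540–542) regardless of that setting; a one-line comment such as `// preview is framed by the admin, so this overrides prevents_clickjacking` would make that intent explicit. Both enclosing methods start outside the hunks shown.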