Issue #3101 Added option define('X-FRAME-SAMEORIGIN', false); for e107_config.php

2025-01-17 12:48:24 +01:00 · 2018-08-03 17:14:39 -07:00 · 2018-08-03 17:14:39 -07:00 · 5f11415fbf
commit 5f11415fbf
parent 86c866b6c4
1 changed files with 4 additions and 2 deletions
--- a/class2.php
+++ b/class2.php
@ -2793,8 +2793,10 @@ class e_http_header
 			$this->setHeader('Vary: Accept');
 		}

-
-		$this->setHeader('X-Frame-Options: SAMEORIGIN');
+		if(defset('X-FRAME-SAMEORIGIN') !== false)
+		{
+			$this->setHeader('X-Frame-Options: SAMEORIGIN');
+		}

 		// should come after the Etag header
 		if ($canCache && isset($_SERVER['HTTP_IF_NONE_MATCH']))