Add option to disable the X-Frame header

James Cole
2018-11-24 07:24:32 +01:00
parent cb68505204
commit 1b3b39d2ea
6 changed files with 24 additions and 1 deletions


@@ -76,7 +76,10 @@ class SecureHeaders
"payment 'none'",
];
$response->header('X-Frame-Options', 'deny');
$disableFrameHeader = env('DISABLE_FRAME_HEADER');
if (false === $disableFrameHeader || null === $disableFrameHeader) {
$response->header('X-Frame-Options', 'deny');
}
$response->header('Content-Security-Policy', implode('; ', $csp));
$response->header('X-XSS-Protection', '1; mode=block');
$response->header('X-Content-Type-Options', 'nosniff');
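Review bot: The check on `$disableFrameHeader` fails open: X-Frame-Options is sent only when env() yields exactly `false` or `null`, so any other value of `DISABLE_FRAME_HEADER` (an empty string, `0`, `no`, a typo) silently drops the clickjacking protection. Requiring an explicit true to disable it is safer: `if (true !== $disableFrameHeader) {`. Calling env() directly in the middleware is also fragile, because once Laravel's configuration is cached the .env file is no longer loaded and env() typically returns null, which would turn the option into a no-op; reading the flag from a config value avoids that. If the `$csp` array built above this hunk carries no `frame-ancestors` directive (not visible here), switching the header off removes the only framing restriction, which is worth a comment next to the option.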