davrot/forgejo_backup
1
0
Fork 0
mirror of https://codeberg.org/davrot/forgejo.git synced 2025-05-17 14:00:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Allow setting X-FRAME-OPTIONS (#16643)

Browse source 
* Allow setting X-FRAME-OPTIONS

This PR provides a mechanism to set the X-FRAME-OPTIONS header.

Fix #7951

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
This commit is contained in:
zeripath 2021-08-06 21:47:10 +01:00 committed by GitHub
parent 067d82b5a6
commit afd88a2418
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 12 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/context/context.go
View file

@ -729,7 +729,7 @@ func Contexter() func(next http.Handler) http.Handler {
}
}
ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)