summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/Controller/Base.php2
-rw-r--r--app/constants.php3
-rw-r--r--config.default.php3
3 files changed, 7 insertions, 1 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index a4e94343..6420e0ee 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -153,7 +153,7 @@ abstract class Base
$this->response->xss();
// Allow the public board iframe inclusion
- if ($action !== 'readonly') {
+ if (ENABLE_XFRAME && $action !== 'readonly') {
$this->response->xframe();
}
diff --git a/app/constants.php b/app/constants.php
index 63902b4d..82d26f2c 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -68,6 +68,9 @@ defined('MAIL_SENDMAIL_COMMAND') or define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/s
// Enable or disable "Strict-Transport-Security" HTTP header
defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
+// Enable or disable "X-Frame-Options: DENY" HTTP header
+defined('ENABLE_XFRAME') or define('ENABLE_XFRAME', true);
+
// Default files directory
defined('FILES_DIR') or define('FILES_DIR', 'data/files/');
diff --git a/config.default.php b/config.default.php
index e508a84d..eb9ad1b8 100644
--- a/config.default.php
+++ b/config.default.php
@@ -124,3 +124,6 @@ define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
// Enable or disable "Strict-Transport-Security" HTTP header
define('ENABLE_HSTS', true);
+
+// Enable or disable "X-Frame-Options: DENY" HTTP header
+define('ENABLE_XFRAME', true);
generated by cgit v1.2.3 (git 2.46.0) at 2025-02-17 01:56:40 +0000