From 872dc79dbd8b04424520e32675a6e0dcb6ed44bc Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Wed, 25 May 2016 21:28:33 -0400
Subject: Do not execute controller if the response is already sent

---
 app/Middleware/BootstrapMiddleware.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Middleware')

diff --git a/app/Middleware/BootstrapMiddleware.php b/app/Middleware/BootstrapMiddleware.php
index c9de1de9..727f600c 100644
--- a/app/Middleware/BootstrapMiddleware.php
+++ b/app/Middleware/BootstrapMiddleware.php
@@ -33,7 +33,7 @@ class BootstrapMiddleware extends BaseMiddleware
         $this->response->withContentSecurityPolicy($this->container['cspRules']);
         $this->response->withSecurityHeaders();
 
-        if (ENABLE_XFRAME && $this->router->getAction() !== 'readonly') {
+        if (ENABLE_XFRAME) {
             $this->response->withXframe();
         }
 
-- 
cgit v1.2.3