Allow setting X-FRAME-OPTIONS (#16643)

* Allow setting X-FRAME-OPTIONS This PR provides a mechanism to set the X-FRAME-OPTIONS header. Fix #7951 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-08-06 21:47:10 +01:00 · 2021-08-06 21:47:10 +01:00 · afd88a2418
commit afd88a2418
parent 067d82b5a6
7 changed files with 12 additions and 6 deletions
--- a/routers/install/routes.go
+++ b/routers/install/routes.go
@ -61,7 +61,7 @@ func installRecovery() func(next http.Handler) http.Handler {
 						"SignedUserName": "",
 					}

-					w.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)
+					w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

 					if !setting.IsProd() {
 						store["ErrorMsg"] = combinedErr
--- a/routers/web/base.go
+++ b/routers/web/base.go
@ -171,7 +171,7 @@ func Recovery() func(next http.Handler) http.Handler {
 						store["SignedUserName"] = ""
 					}

-					w.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)
+					w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

 					if !setting.IsProd() {
 						store["ErrorMsg"] = combinedErr