Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

NEW Add constant XFRAMEOPTIONS_ALLOWALL

Browse Source
This commit is contained in:
Laurent Destailleur 2019-01-11 17:03:29 +01:00
parent 4318c25c07
commit 79e3fcc109
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/main.inc.php
View File

@ -1115,7 +1115,8 @@ function top_httphead($contenttype='text/html', $forcenocache=0)
else header("Content-Type: ".$contenttype);
// Security options
header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
if (! defined('XFRAMEOPTIONS_ALLOWALL')) header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
else header("X-Frame-Options: ALLOWALL");
//header("X-XSS-Protection: 1"); // XSS protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
if (! defined('FORCECSP'))
{