From fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Fri, 13 Nov 2015 08:19:57 +0000
Subject: [PATCH] Bug 15111: Change X-Frame-Options with SAMEORIGIN There are some places where frames are used, the greybox JS plugin for instance. We need either to allow them from Koha or replace this plugin. The easier for now is to switch the value from DENY with SAMEORIGIN. Test plan: - modify a record in a batch (tools/batch_record_modification.pl) - click on preview marc => With only the previous patch you will get a blank page. => With this patch apply, it will work as expected.
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
Signed-off-by: Chris Cormack
Signed-off-by: Kyle M Hall
---
 C4/Output.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/C4/Output.pm b/C4/Output.pm
index 0527d6546f..0a0ae214b1 100644
--- a/C4/Output.pm
+++ b/C4/Output.pm
@@ -269,7 +269,7 @@ sub output_with_http_headers {
 charset => 'UTF-8',
 Pragma => 'no-cache',
 'Cache-Control' => $cache_policy,
- 'X-Frame-Options' => 'DENY',
+ 'X-Frame-Options' => 'SAMEORIGIN',
 };
 $options->{expires} = 'now' if $extra_options->{force_no_caching};
-- 
2.39.5
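Review bot: The `'X-Frame-Options' => 'SAMEORIGIN'` entry relaxes framing for every response built by output_with_http_headers, although the commit message names only the greybox preview as needing frames, and nothing at the line records why DENY was dropped. I would add a comment above it such as `# SAMEORIGIN rather than DENY: greybox (e.g. MARC preview) loads Koha pages in a same-origin frame, see Bug 15111`, so that a later hardening pass neither flips it back blindly nor loosens it further. With SAMEORIGIN the clickjacking protection holds only while no page on the same origin can be made to frame attacker-chosen content, so it may be worth checking whether pages that are never framed could keep DENY, for instance through a flag in `$extra_options`. The body of output_with_http_headers starts and ends outside this hunk, so whether other framing controls (such as a CSP `frame-ancestors` directive) are set elsewhere is not visible here.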