From 201e1f239728f3656f5f71792a7d5ce9b5a05144 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Fri, 13 Nov 2015 08:19:57 +0000
Subject: [PATCH] Bug 15111: Change X-Frame-Options with SAMEORIGIN

There are some places where frames are used, the greybox JS plugin for
instance.

We need either to allow them from Koha or replace this plugin.
The easier for now is to switch the value from DENY with SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch apply, it will work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
---
 C4/Output.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/C4/Output.pm b/C4/Output.pm
index 0527d6546f..0a0ae214b1 100644
--- a/C4/Output.pm
+++ b/C4/Output.pm
@@ -269,7 +269,7 @@ sub output_with_http_headers {
         charset           => 'UTF-8',
         Pragma            => 'no-cache',
         'Cache-Control'   => $cache_policy,
-        'X-Frame-Options' => 'DENY',
+        'X-Frame-Options' => 'SAMEORIGIN',
     };
     $options->{expires} = 'now' if $extra_options->{force_no_caching};
 
-- 
2.20.1