tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-10 12:37:19 +00:00
Code Releases Activity

Move cors.X_FRAME_OPTIONS to security.X_FRAME_OPTIONS and add false option

Browse Source
This commit is contained in:
silverwind
2024-04-03 01:17:38 +02:00
parent e006451ab1
commit aace6002ee
8 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
services/context/api.go
View File

@ -235,7 +235,10 @@ func APIContexter() func(http.Handler) http.Handler {
}
httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
if setting.XFrameOptions != "false" {
ctx.Resp.Header().Set(`X-Frame-Options`, setting.XFrameOptions)
}
next.ServeHTTP(ctx.Resp, ctx.Req)
})