mirror of
https://github.com/snipe/snipe-it.git
synced 2024-09-19 23:37:38 -07:00
Allow X-Frame-Options to be disabled via env if necessary
This commit is contained in:
parent
276e0a7114
commit
64cd4fb1c9
|
@ -75,3 +75,4 @@ APP_LOG=single
|
||||||
APP_LOCKED=false
|
APP_LOCKED=false
|
||||||
FILESYSTEM_DISK=local
|
FILESYSTEM_DISK=local
|
||||||
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
|
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
|
||||||
|
ALLOW_IFRAMING=false
|
||||||
|
|
|
@ -15,7 +15,10 @@ class FrameGuard
|
||||||
public function handle($request, Closure $next)
|
public function handle($request, Closure $next)
|
||||||
{
|
{
|
||||||
$response = $next($request);
|
$response = $next($request);
|
||||||
|
if (config('app.allow_iframing') == false) {
|
||||||
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
|
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
|
||||||
|
}
|
||||||
return $response;
|
return $response;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -127,6 +127,20 @@ return [
|
||||||
'private_uploads' => storage_path().'/private_uploads',
|
'private_uploads' => storage_path().'/private_uploads',
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| ALLOW I-FRAMING
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Normal users will never need to edit this. This option lets you run
|
||||||
|
| Snipe-IT within an I-Frame, which is normally disabled by default for
|
||||||
|
| security reasons, to prevent clickjacking. It should normally be set to false.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'allow_iframing' => env('ALLOW_IFRAMING', false),
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
| Demo Mode Lockdown
|
| Demo Mode Lockdown
|
||||||
|
@ -140,7 +154,6 @@ return [
|
||||||
'lock_passwords' => env('APP_LOCKED', false),
|
'lock_passwords' => env('APP_LOCKED', false),
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
| Autoloaded Service Providers
|
| Autoloaded Service Providers
|
||||||
|
|
|
@ -22,3 +22,5 @@ APP_KEY=Y5hJeC7x1i7OxhDrvrQPlB9KvCorvRdO
|
||||||
APP_URL=http://127.0.0.1:32782
|
APP_URL=http://127.0.0.1:32782
|
||||||
APP_TIMEZONE=US/Pacific
|
APP_TIMEZONE=US/Pacific
|
||||||
APP_LOCALE=en
|
APP_LOCALE=en
|
||||||
|
|
||||||
|
ALLOW_IFRAMING=false
|
||||||
|
|
Loading…
Reference in a new issue