Fix casing of same origin frame option

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2017-04-12 12:37:32 +02:00
parent af42ca2025
commit bd37021587
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
4 changed files with 5 additions and 5 deletions

View File

@ -45,7 +45,7 @@ Feature: carddav
|Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff|
|X-Download-Options|noopen|
|X-Frame-Options|Sameorigin|
|X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block|
@ -60,7 +60,7 @@ Feature: carddav
|Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff|
|X-Download-Options|noopen|
|X-Frame-Options|Sameorigin|
|X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block|

View File

@ -26,7 +26,7 @@ Feature: dav-v2
|Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff|
|X-Download-Options|noopen|
|X-Frame-Options|Sameorigin|
|X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block|

View File

@ -243,7 +243,7 @@ Feature: webdav-related
|Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff|
|X-Download-Options|noopen|
|X-Frame-Options|Sameorigin|
|X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block|

View File

@ -257,7 +257,7 @@ class OC_Response {
. 'object-src \'none\'; '
. 'base-uri \'self\'; ';
header('Content-Security-Policy:' . $policy);
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
// Send fallback headers for installations that don't have the possibility to send
// custom headers on the webserver side