From bd37021587fcb8e56d3cf984cad6f1193ad64cdb Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 12 Apr 2017 12:37:32 +0200
Subject: [PATCH] Fix casing of same origin frame option

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 build/integration/features/carddav.feature        | 4 ++--
 build/integration/features/dav-v2.feature         | 2 +-
 build/integration/features/webdav-related.feature | 2 +-
 lib/private/legacy/response.php                   | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/build/integration/features/carddav.feature b/build/integration/features/carddav.feature
index 9432130066..57fd8cd7da 100644
--- a/build/integration/features/carddav.feature
+++ b/build/integration/features/carddav.feature
@@ -45,7 +45,7 @@ Feature: carddav
         |Content-Security-Policy|default-src 'none';|
         |X-Content-Type-Options |nosniff|
         |X-Download-Options|noopen|
-        |X-Frame-Options|Sameorigin|
+        |X-Frame-Options|SAMEORIGIN|
         |X-Permitted-Cross-Domain-Policies|none|
         |X-Robots-Tag|none|
         |X-XSS-Protection|1; mode=block|
@@ -60,7 +60,7 @@ Feature: carddav
       |Content-Security-Policy|default-src 'none';|
       |X-Content-Type-Options |nosniff|
       |X-Download-Options|noopen|
-      |X-Frame-Options|Sameorigin|
+      |X-Frame-Options|SAMEORIGIN|
       |X-Permitted-Cross-Domain-Policies|none|
       |X-Robots-Tag|none|
       |X-XSS-Protection|1; mode=block|
diff --git a/build/integration/features/dav-v2.feature b/build/integration/features/dav-v2.feature
index 3e85dc749d..ad24c9b593 100644
--- a/build/integration/features/dav-v2.feature
+++ b/build/integration/features/dav-v2.feature
@@ -26,7 +26,7 @@ Feature: dav-v2
 			|Content-Security-Policy|default-src 'none';|
 			|X-Content-Type-Options |nosniff|
 			|X-Download-Options|noopen|
-			|X-Frame-Options|Sameorigin|
+			|X-Frame-Options|SAMEORIGIN|
 			|X-Permitted-Cross-Domain-Policies|none|
 			|X-Robots-Tag|none|
 			|X-XSS-Protection|1; mode=block|
diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature
index 775bf2ca88..6aee59036d 100644
--- a/build/integration/features/webdav-related.feature
+++ b/build/integration/features/webdav-related.feature
@@ -243,7 +243,7 @@ Feature: webdav-related
 			|Content-Security-Policy|default-src 'none';|
 			|X-Content-Type-Options |nosniff|
 			|X-Download-Options|noopen|
-			|X-Frame-Options|Sameorigin|
+			|X-Frame-Options|SAMEORIGIN|
 			|X-Permitted-Cross-Domain-Policies|none|
 			|X-Robots-Tag|none|
 			|X-XSS-Protection|1; mode=block|
diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php
index 115eb5baa6..fa73f3d6d0 100644
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -257,7 +257,7 @@ class OC_Response {
 			. 'object-src \'none\'; '
 			. 'base-uri \'self\'; ';
 		header('Content-Security-Policy:' . $policy);
-		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
+		header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
 
 		// Send fallback headers for installations that don't have the possibility to send
 		// custom headers on the webserver side