Merge pull request #4324 from nextcloud/downstream-27581-27602

Fix casing of same origin frame option
2017-04-12 15:54:46 +02:00 · 2017-04-12 15:54:46 +02:00 · c996e91d59
parent af42ca2025 bd37021587
commit c996e91d59
4 changed files with 5 additions and 5 deletions
--- a/build/integration/features/carddav.feature
+++ b/build/integration/features/carddav.feature
@ -45,7 +45,7 @@ Feature: carddav
        |Content-Security-Policy|default-src 'none';|
        |X-Content-Type-Options |nosniff|
        |X-Download-Options|noopen|
-        |X-Frame-Options|Sameorigin|
+        |X-Frame-Options|SAMEORIGIN|
        |X-Permitted-Cross-Domain-Policies|none|
        |X-Robots-Tag|none|
        |X-XSS-Protection|1; mode=block|
@ -60,7 +60,7 @@ Feature: carddav
      |Content-Security-Policy|default-src 'none';|
      |X-Content-Type-Options |nosniff|
      |X-Download-Options|noopen|
-      |X-Frame-Options|Sameorigin|
+      |X-Frame-Options|SAMEORIGIN|
      |X-Permitted-Cross-Domain-Policies|none|
      |X-Robots-Tag|none|
      |X-XSS-Protection|1; mode=block|
--- a/build/integration/features/dav-v2.feature
+++ b/build/integration/features/dav-v2.feature
@ -26,7 +26,7 @@ Feature: dav-v2
 			|Content-Security-Policy|default-src 'none';|
 			|X-Content-Type-Options |nosniff|
 			|X-Download-Options|noopen|
-			|X-Frame-Options|Sameorigin|
+			|X-Frame-Options|SAMEORIGIN|
 			|X-Permitted-Cross-Domain-Policies|none|
 			|X-Robots-Tag|none|
 			|X-XSS-Protection|1; mode=block|
--- a/build/integration/features/webdav-related.feature
+++ b/build/integration/features/webdav-related.feature
@ -243,7 +243,7 @@ Feature: webdav-related
 			|Content-Security-Policy|default-src 'none';|
 			|X-Content-Type-Options |nosniff|
 			|X-Download-Options|noopen|
-			|X-Frame-Options|Sameorigin|
+			|X-Frame-Options|SAMEORIGIN|
 			|X-Permitted-Cross-Domain-Policies|none|
 			|X-Robots-Tag|none|
 			|X-XSS-Protection|1; mode=block|
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@ -257,7 +257,7 @@ class OC_Response {
 			. 'object-src \'none\'; '
 			. 'base-uri \'self\'; ';
 		header('Content-Security-Policy:' . $policy);
-		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
+		header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains

 		// Send fallback headers for installations that don't have the possibility to send
 		// custom headers on the webserver side