Merge pull request #4324 from nextcloud/downstream-27581-27602

Fix casing of same origin frame option
Roeland Jago Douma 2017-04-12 15:54:46 +02:00 committed by GitHub
commit c996e91d59
4 changed files with 5 additions and 5 deletions


@ -45,7 +45,7 @@ Feature: carddav
|Content-Security-Policy|default-src 'none';| |Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff| |X-Content-Type-Options |nosniff|
|X-Download-Options|noopen| |X-Download-Options|noopen|
|X-Frame-Options|Sameorigin| |X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none| |X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none| |X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block| |X-XSS-Protection|1; mode=block|
@ -60,7 +60,7 @@ Feature: carddav
|Content-Security-Policy|default-src 'none';| |Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff| |X-Content-Type-Options |nosniff|
|X-Download-Options|noopen| |X-Download-Options|noopen|
|X-Frame-Options|Sameorigin| |X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none| |X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none| |X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block| |X-XSS-Protection|1; mode=block|


@ -26,7 +26,7 @@ Feature: dav-v2
|Content-Security-Policy|default-src 'none';| |Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff| |X-Content-Type-Options |nosniff|
|X-Download-Options|noopen| |X-Download-Options|noopen|
|X-Frame-Options|Sameorigin| |X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none| |X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none| |X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block| |X-XSS-Protection|1; mode=block|


@ -243,7 +243,7 @@ Feature: webdav-related
|Content-Security-Policy|default-src 'none';| |Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff| |X-Content-Type-Options |nosniff|
|X-Download-Options|noopen| |X-Download-Options|noopen|
|X-Frame-Options|Sameorigin| |X-Frame-Options|SAMEORIGIN|
|X-Permitted-Cross-Domain-Policies|none| |X-Permitted-Cross-Domain-Policies|none|
|X-Robots-Tag|none| |X-Robots-Tag|none|
|X-XSS-Protection|1; mode=block| |X-XSS-Protection|1; mode=block|


@ -257,7 +257,7 @@ class OC_Response {
. 'object-src \'none\'; ' . 'object-src \'none\'; '
. 'base-uri \'self\'; '; . 'base-uri \'self\'; ';
header('Content-Security-Policy:' . $policy); header('Content-Security-Policy:' . $policy);
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
// Send fallback headers for installations that don't have the possibility to send // Send fallback headers for installations that don't have the possibility to send
// custom headers on the webserver side // custom headers on the webserver side
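Review bot: X-Frame-Options is the only anti-framing control visible in this hunk; the tail of the CSP string built just above it (`object-src`, `base-uri`) shows no `frame-ancestors` directive. Browsers that implement CSP Level 2 give `frame-ancestors` precedence over X-Frame-Options, and `default-src` is not a fallback for it, so I would append `. 'frame-ancestors \'self\'; '` to `$policy` and keep the header for older clients. The beginning of `$policy` and the rest of the method lie outside the hunk, so confirm the directive is not already set there before adding it.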