Merge pull request #4324 from nextcloud/downstream-27581-27602
Fix casing of same origin frame option
commit
c996e91d59
|
@ -45,7 +45,7 @@ Feature: carddav
|
||||||
|Content-Security-Policy|default-src 'none';|
|
|Content-Security-Policy|default-src 'none';|
|
||||||
|X-Content-Type-Options |nosniff|
|
|X-Content-Type-Options |nosniff|
|
||||||
|X-Download-Options|noopen|
|
|X-Download-Options|noopen|
|
||||||
|X-Frame-Options|Sameorigin|
|
|X-Frame-Options|SAMEORIGIN|
|
||||||
|X-Permitted-Cross-Domain-Policies|none|
|
|X-Permitted-Cross-Domain-Policies|none|
|
||||||
|X-Robots-Tag|none|
|
|X-Robots-Tag|none|
|
||||||
|X-XSS-Protection|1; mode=block|
|
|X-XSS-Protection|1; mode=block|
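Review bot: The `X-Frame-Options` row is the only framing control this table asserts, because the pinned policy `default-src 'none';` does not restrict framing: `frame-ancestors` does not fall back to `default-src`. That makes the exact-string match on `SAMEORIGIN` the sole regression guard against these DAV responses being embedded cross-origin. If the DAV endpoints are meant to be unframeable in browsers that ignore `X-Frame-Options`, consider having the server add `frame-ancestors` to this policy and updating the expected `Content-Security-Policy` value here to match. The same applies to the identical tables in the second carddav hunk and in the dav-v2 and webdav-related hunks.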
|
||||||
|
@ -60,7 +60,7 @@ Feature: carddav
|
||||||
|Content-Security-Policy|default-src 'none';|
|
|Content-Security-Policy|default-src 'none';|
|
||||||
|X-Content-Type-Options |nosniff|
|
|X-Content-Type-Options |nosniff|
|
||||||
|X-Download-Options|noopen|
|
|X-Download-Options|noopen|
|
||||||
|X-Frame-Options|Sameorigin|
|
|X-Frame-Options|SAMEORIGIN|
|
||||||
|X-Permitted-Cross-Domain-Policies|none|
|
|X-Permitted-Cross-Domain-Policies|none|
|
||||||
|X-Robots-Tag|none|
|
|X-Robots-Tag|none|
|
||||||
|X-XSS-Protection|1; mode=block|
|
|X-XSS-Protection|1; mode=block|
|
||||||
|
|
|
@ -26,7 +26,7 @@ Feature: dav-v2
|
||||||
|Content-Security-Policy|default-src 'none';|
|
|Content-Security-Policy|default-src 'none';|
|
||||||
|X-Content-Type-Options |nosniff|
|
|X-Content-Type-Options |nosniff|
|
||||||
|X-Download-Options|noopen|
|
|X-Download-Options|noopen|
|
||||||
|X-Frame-Options|Sameorigin|
|
|X-Frame-Options|SAMEORIGIN|
|
||||||
|X-Permitted-Cross-Domain-Policies|none|
|
|X-Permitted-Cross-Domain-Policies|none|
|
||||||
|X-Robots-Tag|none|
|
|X-Robots-Tag|none|
|
||||||
|X-XSS-Protection|1; mode=block|
|
|X-XSS-Protection|1; mode=block|
|
||||||
|
|
|
@ -243,7 +243,7 @@ Feature: webdav-related
|
||||||
|Content-Security-Policy|default-src 'none';|
|
|Content-Security-Policy|default-src 'none';|
|
||||||
|X-Content-Type-Options |nosniff|
|
|X-Content-Type-Options |nosniff|
|
||||||
|X-Download-Options|noopen|
|
|X-Download-Options|noopen|
|
||||||
|X-Frame-Options|Sameorigin|
|
|X-Frame-Options|SAMEORIGIN|
|
||||||
|X-Permitted-Cross-Domain-Policies|none|
|
|X-Permitted-Cross-Domain-Policies|none|
|
||||||
|X-Robots-Tag|none|
|
|X-Robots-Tag|none|
|
||||||
|X-XSS-Protection|1; mode=block|
|
|X-XSS-Protection|1; mode=block|
|
||||||
|
|
|
@ -257,7 +257,7 @@ class OC_Response {
|
||||||
. 'object-src \'none\'; '
|
. 'object-src \'none\'; '
|
||||||
. 'base-uri \'self\'; ';
|
. 'base-uri \'self\'; ';
|
||||||
header('Content-Security-Policy:' . $policy);
|
header('Content-Security-Policy:' . $policy);
|
||||||
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
|
header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
|
||||||
|
|
||||||
// Send fallback headers for installations that don't have the possibility to send
|
// Send fallback headers for installations that don't have the possibility to send
|
||||||
// custom headers on the webserver side
|
// custom headers on the webserver side
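Review bot: The trailing comment on the `X-Frame-Options` line still reads "Disallow iFraming from other domains", which neither explains why the casing was changed nor describes the check accurately, since `SAMEORIGIN` compares origins (scheme, host and port), not domains. Browsers are generally understood to match the token case-insensitively, so the upper-case form presumably matters for strict scanners and for staying byte-identical with the same header set by the web server, which the "fallback headers" comment below implies exists. I would reword it to `// Disallow framing from other origins; keep the RFC 7034 spelling in sync with the web server config and the integration test tables`. Whether `$policy` also carries `frame-ancestors` cannot be seen from here, as the enclosing method starts and ends outside the hunk.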
|
||||||
|
|