Remove X-Frame-Options header

This header is largely deprecated, and is functionally replaced here by the CSP `frame-ancestors` directive
This commit is contained in:
Matt-Yorkley
2021-12-25 01:46:44 +00:00
parent ce9b64a848
commit 05abb63036
3 changed files with 5 additions and 12 deletions


@@ -37,7 +37,6 @@ class ApplicationController < ActionController::Base
include Spree::Core::ControllerHelpers::RespondWith
include Spree::Core::ControllerHelpers::Common
prepend_before_action :restrict_iframes
before_action :set_cache_headers # prevent cart emptying via cache when using back button #1213
include RawParams
@@ -107,11 +106,6 @@ class ApplicationController < ActionController::Base
session[:shopfront_redirect]
end
def restrict_iframes
response.headers['X-Frame-Options'] = 'DENY'
response.headers['Content-Security-Policy'] = "frame-ancestors 'none'"
end
def enable_embedded_shopfront
embed_service = EmbeddedPageService.new(params, session, request, response)
embed_service.embed!
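Review bot: Deleting `restrict_iframes` does not by itself stop Rails from sending `X-Frame-Options`, because `config.action_dispatch.default_headers` still emits `X-Frame-Options: SAMEORIGIN`, so for browsers that honour that header the effective change is DENY → SAMEORIGIN rather than "removed"; unless one of the other two changed files adjusts `default_headers`, that should be stated in the commit message or the default dropped explicitly. Browsers without CSP Level 2 support ignore `frame-ancestors`, and the usual guidance is still to send both headers, so keeping `response.headers['X-Frame-Options'] = 'DENY'` next to the CSP costs nothing and is the safer default. The removed callback was registered with `prepend_before_action`, so it ran before `enable_embedded_shopfront` could loosen framing for embeds; with the policy now presumably coming from static CSP configuration (not visible here), confirm that `EmbeddedPageService#embed!` still overrides `frame-ancestors` for the permitted embed origins and that no other action relied on the per-request `DENY`. The body of `enable_embedded_shopfront` continues past the end of the hunk.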