raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-24 20:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Require https for embedding sites

Browse Source
This commit is contained in:
Matt-Yorkley
2017-05-27 11:25:25 +01:00
committed by Maikel Linke
parent 782a812596
commit 0eb4c7f7ba
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/application_controller.rb
View File

@@ -52,6 +52,7 @@ class ApplicationController < ActionController::Base
def enable_embedded_shopfront
whitelist = Spree::Config[:embedded_shopfronts_whitelist]
return unless Spree::Config[:enable_embedded_shopfronts] and whitelist.present?
return if (request.referer and URI(request.referer).scheme != 'https' and !Rails.env.test?)
response.headers.delete 'X-Frame-Options'
response.headers['Content-Security-Policy'] = "frame-ancestors #{whitelist}"