diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index 5296cf0a3..465ef381a 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -95,7 +95,7 @@ class StatusController extends Controller
 $showCaption = $request->filled('caption') && $request->caption !== false;
 $layout = $request->filled('layout') && $request->layout == 'compact' ? 'compact' : 'full';
 $content = view('status.embed', compact('status', 'showLikes', 'showCaption', 'layout'));
- return response($content)->withHeaders(['x-frame-options' => 'ALLOWALL']);
+ return response($content)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
 }

 public function showObject(Request $request, $username, int $id)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 7a8c91efe..33ed320a7 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -29,6 +29,7 @@ class Kernel extends HttpKernel
 protected $middlewareGroups = [
 'web' => [
 \App\Http\Middleware\EncryptCookies::class,
+ \App\Http\Middleware\FrameGuard::class,
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
 \Illuminate\Session\Middleware\StartSession::class,
 // \Illuminate\Session\Middleware\AuthenticateSession::class,
diff --git a/app/Http/Middleware/FrameGuard.php b/app/Http/Middleware/FrameGuard.php
new file mode 100644
index 000000000..9fa377e3b
--- /dev/null
+++ b/app/Http/Middleware/FrameGuard.php
@@ -0,0 +1,26 @@
+headers->has('X-Frame-Options')) {
+ $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
+ }
+
+ return $response;
+ }
+}
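Review bot: `ALLOWALL` on the changed `return` line is not a value defined for X-Frame-Options (the defined ones are `DENY` and `SAMEORIGIN`, plus the obsolete `ALLOW-FROM`), so the embed stays frameable only because browsers ignore the unrecognised value and because FrameGuard, added in this commit, skips responses that already carry the header. Symfony's header bag matches names case-insensitively, so the capitalisation change by itself should not alter behaviour. That opt-out contract deserves a comment above the return, e.g. `// Embed is meant to be framed cross-origin: a pre-set X-Frame-Options makes FrameGuard skip its SAMEORIGIN default; 'ALLOWALL' is a non-standard sentinel that browsers ignore.` Because this response is deliberately frameable by any site, it is worth confirming that `status.embed` renders no state-changing controls for a logged-in viewer; the view is not part of this diff. The enclosing method starts above the hunk.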
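Review bot: Registering `FrameGuard` only in the `web` group leaves any HTML response served through another middleware group, or through a route with no group, without the `SAMEORIGIN` default; whether such routes exist cannot be told from this hunk. If the header is meant to be site-wide, the global `$middleware` array would be the safer place for it. Otherwise a short comment on the added line would record the intent, e.g. `// Clickjacking default: SAMEORIGIN unless the response already sets X-Frame-Options`. The rest of `$middlewareGroups` lies outside the hunk.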
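Review bot: The guard in `handle()` treats the mere presence of an `X-Frame-Options` header as an opt-out, so any controller or package that sets the header, with any value, silently disables the `SAMEORIGIN` default; a class docblock should state that contract so an opt-out is always a deliberate choice. X-Frame-Options is also the legacy control: browsers that implement CSP `frame-ancestors` give it precedence, and adding `$response->headers->set('Content-Security-Policy', "frame-ancestors 'self'", false);` inside the same branch would give the modern equivalent, provided it is checked against any CSP the application already emits. The third argument `false` on the existing `set()` call is redundant after the `has()` check. The top of this new file, including the class header and the start of `handle()`, is not visible on this page.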