From 026b59f025afa89aa351667a40b9d2539e281d82 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sat, 23 Nov 2019 22:18:51 -0700
Subject: [PATCH] Update StatusController
---
 app/Http/Controllers/StatusController.php | 2 +-
 app/Http/Kernel.php | 1 +
 app/Http/Middleware/FrameGuard.php | 26 +++++++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 app/Http/Middleware/FrameGuard.php
diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index 5296cf0a3..465ef381a 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -95,7 +95,7 @@ class StatusController extends Controller
 $showCaption = $request->filled('caption') && $request->caption !== false;
 $layout = $request->filled('layout') && $request->layout == 'compact' ? 'compact' : 'full';
 $content = view('status.embed', compact('status', 'showLikes', 'showCaption', 'layout'));
- return response($content)->withHeaders(['x-frame-options' => 'ALLOWALL']);
+ return response($content)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
 }
 public function showObject(Request $request, $username, int $id)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 7a8c91efe..33ed320a7 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -29,6 +29,7 @@ class Kernel extends HttpKernel
 protected $middlewareGroups = [
 'web' => [
 \App\Http\Middleware\EncryptCookies::class,
+ \App\Http\Middleware\FrameGuard::class,
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
 \Illuminate\Session\Middleware\StartSession::class,
 // \Illuminate\Session\Middleware\AuthenticateSession::class,
diff --git a/app/Http/Middleware/FrameGuard.php b/app/Http/Middleware/FrameGuard.php
new file mode 100644
index 000000000..9fa377e3b
--- /dev/null
+++ b/app/Http/Middleware/FrameGuard.php
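Review bot: `ALLOWALL` on the `return response($content)->withHeaders(...)` line is not a value X-Frame-Options defines (only `DENY` and `SAMEORIGIN` are current), so the embed is frameable only because browsers discard the unrecognised value. After this commit the header mainly serves as a marker that keeps the new middleware from applying its default, and the change of case in the header name should make no difference to that lookup, assuming the usual case-insensitive header bag. I would record this next to the line, e.g. `// Not a valid XFO value: present only so FrameGuard skips its SAMEORIGIN default for embeds`, and express the intended policy with a `Content-Security-Policy` `frame-ancestors` directive rather than an invalid header. Because this response can be framed by any origin, the `status.embed` view (not shown here) should expose no state-changing controls to a logged-in session. The enclosing method starts above the hunk.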
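Review bot: Registering `\App\Http\Middleware\FrameGuard::class` inside the `'web'` group leaves every response produced outside that group without the `SAMEORIGIN` default. If other groups or group-less routes return HTML (none are visible in this hunk), the global `$middleware` list would be the place that covers them all. A short comment on the entry, such as `// default X-Frame-Options: SAMEORIGIN; embed routes opt out by setting the header themselves`, would also record the opt-out convention where the next maintainer will look.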
@@ -0,0 +1,26 @@
+headers->has('X-Frame-Options')) {
+ $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
+ }
+
+ return $response;
+ }
+}
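Review bot: The guard around `set('X-Frame-Options', 'SAMEORIGIN', false)` treats any pre-set `X-Frame-Options` header as an opt-out, whatever its value, so a controller that sends a malformed or empty value silently turns framing protection off for its response. Comparing the existing value with the recognised ones, or opting out through an explicit route or request attribute, would make each exemption deliberate and easy to audit. The third argument `false` is redundant inside the `has()` guard and can be dropped: `$response->headers->set('X-Frame-Options', 'SAMEORIGIN');`. The opening lines of the new file (namespace, class declaration and the start of the `if`) are missing from this page, so the negation in the condition is inferred; a class docblock stating the default and how a route overrides it would help.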