Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Send X-Frame-Options: DENY if url is private or it's an admin one
  • Loading branch information
remdex committed Aug 24, 2021
1 parent 22fefff commit e0ae044
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lhc_web/lib/core/lhcore/lhmodule.php
Expand Up @@ -83,7 +83,13 @@ static function runModule()
}

try {


// Send X-Frame-Options if URL is private
// Or it's site_admin based one
if (isset($currentUser) || erLhcoreClassSystem::instance()->SiteAccess == 'site_admin') {
header('X-Frame-Options: DENY');
}

if (isset($currentUser) && $currentUser->isLogged() && ($timeZone = $currentUser->getUserTimeZone()) != '') {
self::$defaultTimeZone = $timeZone;
date_default_timezone_set(self::$defaultTimeZone);
Expand Down

0 comments on commit e0ae044

Please sign in to comment.