remove x-frame-options

pull/702/head
Luke Pulverenti 9 years ago
parent ec663b7811
commit b6b6b85bf4

@ -184,8 +184,6 @@ namespace MediaBrowser.Model.Configuration
public bool EnableVideoArchiveFiles { get; set; } public bool EnableVideoArchiveFiles { get; set; }
public int RemoteClientBitrateLimit { get; set; } public int RemoteClientBitrateLimit { get; set; }
public bool DenyIFrameEmbedding { get; set; }
public AutoOnOff EnableLibraryMonitor { get; set; } public AutoOnOff EnableLibraryMonitor { get; set; }
public int SharingExpirationDays { get; set; } public int SharingExpirationDays { get; set; }
@ -222,7 +220,6 @@ namespace MediaBrowser.Model.Configuration
EnableAnonymousUsageReporting = true; EnableAnonymousUsageReporting = true;
EnableAutomaticRestart = true; EnableAutomaticRestart = true;
DenyIFrameEmbedding = true;
EnableUPnP = true; EnableUPnP = true;
SharingExpirationDays = 30; SharingExpirationDays = 30;

@ -106,7 +106,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
} }
}); });
HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger, () => _config.Configuration.DenyIFrameEmbedding).FilterResponse); HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger).FilterResponse);
} }
public override void OnAfterInit() public override void OnAfterInit()

@ -12,12 +12,10 @@ namespace MediaBrowser.Server.Implementations.HttpServer
{ {
private static readonly CultureInfo UsCulture = new CultureInfo("en-US"); private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
private readonly ILogger _logger; private readonly ILogger _logger;
private readonly Func<bool> _denyIframeEmbedding;
public ResponseFilter(ILogger logger, Func<bool> denyIframeEmbedding) public ResponseFilter(ILogger logger)
{ {
_logger = logger; _logger = logger;
_denyIframeEmbedding = denyIframeEmbedding;
} }
/// <summary> /// <summary>
@ -31,11 +29,6 @@ namespace MediaBrowser.Server.Implementations.HttpServer
// Try to prevent compatibility view // Try to prevent compatibility view
res.AddHeader("X-UA-Compatible", "IE=Edge"); res.AddHeader("X-UA-Compatible", "IE=Edge");
if (_denyIframeEmbedding())
{
res.AddHeader("X-Frame-Options", "SAMEORIGIN");
}
var exception = dto as Exception; var exception = dto as Exception;
if (exception != null) if (exception != null)

Loading…
Cancel
Save