[FIXED JENKINS-21881] System property for disabling X-Frame-Options
daniel-beck committed Sep 7, 2014
1 parent aa7f0a9 commit fc78fdee9b7a95a6791d23575907cb3389363087
@@ -0,0 +1,17 @@
package jenkins.security;

import hudson.Extension;
import hudson.model.PageDecorator;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

/**
* Adds the 'X-Frame-Options' header to all web pages.
*
* @since TODO
*/
@Extension(ordinal = 1000)
public class FrameOptionsPageDecorator extends PageDecorator {
@Restricted(NoExternalUse.class)
public static boolean enabled = Boolean.valueOf(System.getProperty(FrameOptionsPageDecorator.class.getName() + ".enabled", "true"));
}
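Review bot: The `enabled` initializer parses the property with `Boolean.valueOf`, so any value other than `true` (a typo, `1`, `yes`, an empty string) silently switches the X-Frame-Options header off, and with it the clickjacking protection. A security control should fail closed and turn off only on an explicit opt-out, for example `public static boolean enabled = !"false".equalsIgnoreCase(System.getProperty(FrameOptionsPageDecorator.class.getName() + ".enabled"));`. The field is also public, static and non-final, so it stays writable at runtime. If that is intended as an escape hatch, document it on the field, e.g. `// Set to false only when Jenkins must be framed by another origin; disables clickjacking protection.`, and replace `@since TODO` before release.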
@@ -0,0 +1,6 @@
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler">
<j:if test="${it.enabled}">
<st:header name="X-Frame-Options" value="sameorigin"/>
</j:if>
</j:jelly>
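Review bot: The header is emitted here with `<st:header>`, whereas the line this commit removes in the last hunk used `<st:setHeader>`. If `st:header` appends rather than replaces, as the add/set naming of the two tags suggests, a response that already carries X-Frame-Options from a filter or another decorator would end up with two values, which browsers do not handle uniformly. Unless appending is intended, keep the original tag: `<st:setHeader name="X-Frame-Options" value="sameorigin"/>`. A one-line Jelly comment above the `j:if`, stating that the header is skipped only when `FrameOptionsPageDecorator.enabled` is false, would make the opt-out visible to anyone auditing response headers.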
@@ -56,7 +56,6 @@ THE SOFTWARE.
<st:setHeader name="Expires" value="0" />
<st:setHeader name="Cache-Control" value="no-cache,no-store,must-revalidate" />
<st:setHeader name="X-Hudson-Theme" value="default" />
<st:setHeader name="X-Frame-Options" value="sameorigin" />
<st:contentType value="text/html;charset=UTF-8" />

<j:new var="h" className="hudson.Functions" /><!-- instead of JSP functions -->
