Skip to content
Permalink
Browse files
Send X-Frame-Options: DENY if url is private or it's an admin one
  • Loading branch information
remdex committed Aug 24, 2021
1 parent 22fefff commit e0ae04463ab0f4b5b5fae6df0bdc6eb6bba28887
Showing 1 changed file with 7 additions and 1 deletion.
@@ -83,7 +83,13 @@ static function runModule()
}

try {


// Send X-Frame-Options if URL is private
// Or it's site_admin based one
if (isset($currentUser) || erLhcoreClassSystem::instance()->SiteAccess == 'site_admin') {
header('X-Frame-Options: DENY');
}

if (isset($currentUser) && $currentUser->isLogged() && ($timeZone = $currentUser->getUserTimeZone()) != '') {
self::$defaultTimeZone = $timeZone;
date_default_timezone_set(self::$defaultTimeZone);

0 comments on commit e0ae044

Please sign in to comment.