From de491780b5367770b9e6098239105f5e785baead Mon Sep 17 00:00:00 2001 From: Julian Fitzell Date: Sat, 26 Oct 2002 23:26:54 +0000 Subject: [PATCH] Add a custom_headers config option to provide a list of headers to include with each HTTP response. This was added to allow a solution to issue #2649 (http://mantisbt.sourceforge.net/mantis/view_bug_advanced_page.php?f_id=0002649) git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1591 f5dc347c-c33d-0410-90a0-b07cc1902cb9 --- config_defaults_inc.php | 17 ++++++++++++++++- core/API.php | 6 ++++++ doc/ChangeLog | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/config_defaults_inc.php b/config_defaults_inc.php index a4e8e04c59..f842057f53 100644 --- a/config_defaults_inc.php +++ b/config_defaults_inc.php @@ -686,7 +686,6 @@ ############################# #---------------------------------- # allow the use of Javascript? - # @@@ not yet implemented, but wanted this in config for 0.17.2+ -SC $g_use_javascript = ON; #---------------------------------- @@ -732,6 +731,22 @@ # Specify where the user should be sent after logging out. $g_logout_redirect_page = $g_path."login_page".$g_php; + ########################### + # Headers + ########################### + # --------------------------------- + # An array of headers to be sent with each page. + # For example, to allow your mantis installation to be viewed in a frame in IE 6 + # when the frameset is not at the same hostname as the mantis install, you need + # to add a P3P header. You could try something like 'P3P: CP="CUR ADM"' in your + # config file, but make sure to check that the your policy actually matches with + # what you are promising. See + # http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpriv/html/ie6privacyfeature.asp + # for more information. + + $g_custom_headers = array(); + #$g_custom_headers[] = 'P3P: CP="CUR ADM"'; + ########################### # Debugging ########################### diff --git a/core/API.php b/core/API.php index bab76c808b..a9f85cd152 100644 --- a/core/API.php +++ b/core/API.php @@ -27,6 +27,12 @@ require_once( $t_core_dir.'database_api.php' ); require_once( $t_core_dir.'config_api.php' ); + + # SEND USER-DEFINED HEADERS + foreach( config_get( 'custom_headers' ) as $t_header ) { + header( $t_header ); + } + require_once( $t_core_dir.'gpc_api.php' ); require_once( $t_core_dir.'error_api.php' ); require_once( $t_core_dir.'authentication_api.php' ); diff --git a/doc/ChangeLog b/doc/ChangeLog index 33d2be99b7..fc0624f536 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -135,6 +135,7 @@ Mantis ChangeLog * Look in environment variable MANTIS_CONFIG to find a config file to load after custom_config_inc.php (useful for vhosts) * Added $g_email_set_category to make Mantis set the category of the e-mail sent (via mail()/phpMailer). This is useful in organising e-mails better using clients like Microsoft Outlook. * config options default_advanced_report, default_advanced_view, and default_advanced_update are now ON/OFF instead of BOTH/SIMPLE/ADVANCED (they never worked the other way anyway) + * Added a custom_headers config variable that included a list of headers to preprend to each outgoing HTTP response. This can be used for P3P policy headers among other things (see issue #2649) 2002.08.23 - 0.17.5 * Corrected bug_delete.php and bug_delete_page.php, which ignored the $g_allow_bug_delete_access_level setting.