Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
iframe: Allow Multiple iFrame Domains #4781
Previously, we added a security header to prevent click-jacking called "X-Frame-Options". This introduced an issue with people using osTicket in iFrames on their websites. To mitigate the issue, this updates the security header to allow the site to be framed from specified domains, if none provided we default to 'self'. This adds a new field to General System Settings called "Allow iFrames" where you may enter a comma separated list of domains that the site can be framed on. This also adds a validator for the field to validate the domains and ensure they fit the syntax from Mozilla Developer Docs.