Execute clickjacking prevention code only when framed

roundcube · Dec 15, 2017 · 604f84e · 604f84e
1 parent c0959bd
commit 604f84e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/program/js/app.js b/program/js/app.js
@@ -177,7 +177,7 @@ function rcube_webmail()
       this.gui_objects[n] = rcube_find_object(this.gui_objects[n]);
 
     // clickjacking protection
-    if (n = this.env.x_frame_options) {
+    if ((n = this.env.x_frame_options) && self !== top) {
       try {
         // bust frame if not allowed
         if (n.toLowerCase() == 'deny' && top.location.href != self.location.href)