Added X-Frame-Options and Access-Control-Allow-Origin

This will mimic what the frontend now does and ensure that cachelite do not allow a more permissive X-Frame-Options
symphonists · Nov 7, 2014 · 1556591 · 1556591
1 parent 2ccab85
commit 1556591
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/extension.driver.php b/extension.driver.php
@@ -314,6 +314,8 @@ public function intercept_page($context) {
 				header('Last-Modified: ' . $modified_gmt);
 				header('Cache-Control: public');
 				header("Expires: " . gmdate("D, d M Y H:i:s", $modified + $this->_lifetime) . " GMT");
+				header("X-Frame-Options: SAMEORIGIN");
+				header("Access-Control-Allow-Origin: " . URL);
 				header(sprintf('Content-Length: %d', strlen($output)));
 				print $output;
 				exit();
@@ -344,6 +346,8 @@ public function write_page_cache(&$output) {
 				header("Expires: " . gmdate("D, d M Y H:i:s", $this->_lifetime) . " GMT");
 				header("Cache-Control: max-age=" . $this->_lifetime . ", must-revalidate");
 				header("Last-Modified: " . gmdate('D, d M Y H:i:s', time()) . ' GMT');
+				header("X-Frame-Options: SAMEORIGIN");
+				header("Access-Control-Allow-Origin: " . URL);
 				header(sprintf('Content-Length: %d', strlen($render)));
 
 				print $render;