Merge iFrame exceptions

Signed-off-by: Christian König <ckoenig@posteo.de>
2 years ago · 28085cf7d8
parent 2eff53b2bb
commit 28085cf7d8
2 changed files with 4 additions and 18 deletions
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@ -85,15 +85,8 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
 }

-# allow teleporter iframe on settings page
-$HTTP["url"] =~ "/teleporter\.php$" {
-    $HTTP["referer"] =~ "/admin/settings\.php" {
-        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
-    }
-}
-
-# allow API qr code iframe on settings page
-$HTTP["url"] =~ "/api_token\.php$" {
+# allow teleporter and API qr code iframe on settings page
+$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
    $HTTP["referer"] =~ "/admin/settings\.php" {
        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
    }
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@ -93,15 +93,8 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
 }

-# allow teleporter iframe on settings page
-$HTTP["url"] =~ "/teleporter\.php$" {
-    $HTTP["referer"] =~ "/admin/settings\.php" {
-        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
-    }
-}
-
-# allow API qr code iframe on settings page
-$HTTP["url"] =~ "/api_token\.php$" {
+# allow teleporter and API qr code iframe on settings page
+$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
    $HTTP["referer"] =~ "/admin/settings\.php" {
        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
    }