From 28085cf7d8386608470d66ec59d3947b34c7970f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 17 Dec 2021 10:08:16 +0100 Subject: [PATCH] Merge iFrame exceptions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/lighttpd.conf.debian | 11 ++--------- advanced/lighttpd.conf.fedora | 11 ++--------- 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 37099ad7..cf728e19 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -85,15 +85,8 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } -# allow teleporter iframe on settings page -$HTTP["url"] =~ "/teleporter\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) - } -} - -# allow API qr code iframe on settings page -$HTTP["url"] =~ "/api_token\.php$" { +# allow teleporter and API qr code iframe on settings page +$HTTP["url"] =~ "/(teleporter|api_token)\.php$" { $HTTP["referer"] =~ "/admin/settings\.php" { setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) } diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index f4916422..626a3d8d 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -93,15 +93,8 @@ $HTTP["url"] =~ "^/admin/\.(.*)" { url.access-deny = ("") } -# allow teleporter iframe on settings page -$HTTP["url"] =~ "/teleporter\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) - } -} - -# allow API qr code iframe on settings page -$HTTP["url"] =~ "/api_token\.php$" { +# allow teleporter and API qr code iframe on settings page +$HTTP["url"] =~ "/(teleporter|api_token)\.php$" { $HTTP["referer"] =~ "/admin/settings\.php" { setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) }