Commit bfec927b authored by Dave Cridland's avatar Dave Cridland Committed by Guus der Kinderen

OF-997 Cover main admin console

Turns out we protected only the PluginServlet, which is only used for Plugins and not the main Admin console itself.
parent 35c45af7
......@@ -37,6 +37,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.WebManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -133,6 +134,8 @@ public class AuthCheckFilter implements Filter {
{
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
// Do not allow framing; OF-997
response.addHeader("X-Frame-Options", JiveGlobals.getProperty("adminConsole.frame-options", "same"));
// Reset the defaultLoginPage variable
String loginPage = defaultLoginPage;
if (loginPage == null) {
......
......@@ -110,8 +110,6 @@ public class PluginServlet extends HttpServlet {
else {
handleOtherRequest(pathInfo, response);
}
// Do not allow framing; OF-997
response.addHeader("X-Frame-Options", JiveGlobals.getProperty("adminConsole.frame-options", "deny"));
}
catch (Exception e) {
Log.error(e.getMessage(), e);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment