Update StatusController

This commit is contained in:
Daniel Supernault 2019-11-23 22:18:51 -07:00
parent 6c97b2162c
commit 026b59f025
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
3 changed files with 28 additions and 1 deletions

View file

@ -95,7 +95,7 @@ class StatusController extends Controller
$showCaption = $request->filled('caption') && $request->caption !== false;
$layout = $request->filled('layout') && $request->layout == 'compact' ? 'compact' : 'full';
$content = view('status.embed', compact('status', 'showLikes', 'showCaption', 'layout'));
return response($content)->withHeaders(['x-frame-options' => 'ALLOWALL']);
return response($content)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
}
public function showObject(Request $request, $username, int $id)

View file

@ -29,6 +29,7 @@ class Kernel extends HttpKernel
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\App\Http\Middleware\FrameGuard::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,

View file

@ -0,0 +1,26 @@
<?php
namespace App\Http\Middleware;
use Closure;
class FrameGuard
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
if (!$response->headers->has('X-Frame-Options')) {
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
}
return $response;
}
}