Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow removing the X_FRAME_OPTIONS header or setting it from a view (fix #103) #122

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Allow removing the X_FRAME_OPTIONS header or setting it from a view (fix #103) #122

wants to merge 1 commit into from

Conversation

devdanzin
Copy link
Member

@devdanzin devdanzin commented Nov 30, 2024
edited
Loading

This PR removes the X_FRAME_OPTIONS header when the environment variable PLONE_X_FRAME_OPTIONS is set to empty or "None". It also respects this header's value if set by a view, and only sets it to the env var's value if it's not present beforehand.

This is my first contribution to Plone, so I apologize if the PR is wrong in any way and am ready to improve it upon request.

Edit: there's an else branch to make the behavior easier to follow, but it would probably be better to remove it if the design is approved.

Fixes #103.

@mister-roboto
Copy link

@devdanzin you need to sign the Plone Contributor Agreement to merge this pull request.

Learn about the Plone Contributor Agreement: https://plone.org/foundation/contributors-agreement

If you have already signed the agreement, please allow a week for your agreement to be processed.
Once it is processed, you will receive an email invitation to join the plone GitHub organization as a Contributor.

If after a week you have not received an invitation, then please contact agreements@plone.org.

@mister-roboto
Copy link

@devdanzin thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

@devdanzin
Copy link
Member Author

Kindly requesting reviews by @erral and @Rudd-O.

@devdanzin
Copy link
Member Author

@jenkins-plone-org please run jobs

Rudd-O
Rudd-O reviewed Dec 18, 2024
View reviewed changes
README.rst
@@ -214,7 +214,9 @@ override it at your proxy server, or you can set the environment variable of
``PLONE_X_FRAME_OPTIONS`` to whatever value you'd like plone.protect to set
this to globally.

You can opt out of this by making the environment variable empty.
You can opt out of this by making the environment variable empty, which will
remove the header entirely. Setting a custom value in a custom view will
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clever.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rudd-O Rudd-O Rudd-O approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

How to disable X-Frame-Options header?
3 participants
@devdanzin @mister-roboto @Rudd-O