Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix checks to match with core handling for allowframeemedding #15

Merged
merged 1 commit into from
Aug 19, 2021
Merged

Fix checks to match with core handling for allowframeemedding #15

merged 1 commit into from
Aug 19, 2021

Conversation

keevan
Copy link

@keevan keevan commented Aug 19, 2021

Upstream issue and PR:
h5p#424
h5p#425

https://github.com/moodle/moodle/blob/036800d99debfe61dde45f61292bc5ad44ab7cb0/lib/weblib.php#L2284-L2287
States that it only passes the 'X-Frame-Options: sameorigin' setting if embedding is disabled AND if the user is not loading the page from the app.

    // The Moodle app must be allowed to embed content always.
    if (empty($CFG->allowframembedding) && !core_useragent::is_moodle_app()) {
        @header('X-Frame-Options: sameorigin');
    }

Tested using the official Moodle app, pointing to a local instance

@keevan
Fix checks to match with core handling for allowframeemedding
0d4b125 
lib/weblib.php:2285 states that it only passes the 'X-Frame-Options: sameorigin' setting if embedding is disabled AND if the user is not loading the page from the app.
@andrewmadden andrewmadden merged commit 333de19 into stable-catalyst Aug 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@keevan @andrewmadden