
Commit 78b2c1f

committed
Extract function from cross_framing_protection.js
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
1 parent 0842d95 commit 78b2c1f

3 files changed

Lines changed: 23 additions & 22 deletions


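--- a/js/src/cross_framing_protection.js
+++ b/js/src/cross_framing_protection.js
@@ -1,13 +1,24 @@
 /**
-* Conditionally included if framing is not allowed
+* Conditionally included if framing is not allowed.
+* @return {void}
 */
-if (self === top) {
-var styleElement = document.getElementById('cfs-style');
-// check if styleElement has already been removed
-// to avoid frequently reported js error
-if (typeof(styleElement) !== 'undefined' && styleElement !== null) {
-styleElement.parentNode.removeChild(styleElement);
+const crossFramingProtection = () => {
+if (window.allowThirdPartyFraming) {
+return;
 }
-} else {
-top.location = self.location;
-}
+
+if (window.self !== window.top) {
+window.top.location = window.self.location;
+return;
+}
+
+const styleElement = document.getElementById('cfs-style');
+// check if styleElement has already been removed to avoid frequently reported js error
+if (typeof (styleElement) === 'undefined' || styleElement === null) {
+return;
+}
+
+styleElement.parentNode.removeChild(styleElement);
+};
+
+crossFramingProtection();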
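Review bot: The early return on new line 6, `if (window.allowThirdPartyFraming)`, accepts any truthy value of a page global, so the frame check is skipped whenever that property resolves to anything other than the server's `0`. Comparing against the values header.twig actually emits keeps the script fail-closed: `if (window.allowThirdPartyFraming === 1 || window.allowThirdPartyFraming === 'sameorigin') {`. The docblock still says "Conditionally included if framing is not allowed", which no longer matches Header.php in this commit, where the file is added unconditionally; a line such as `Runs on every page; does nothing when window.allowThirdPartyFraming permits framing.` would be accurate. This script is presumably a fallback behind response-header framing controls, which are not visible on this page.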

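--- a/libraries/classes/Header.php
+++ b/libraries/classes/Header.php
@@ -140,17 +140,7 @@ private function addDefaultScripts(): void
 $this->scripts->addFile('vendor/jquery/jquery.validate.js');
 $this->scripts->addFile('vendor/jquery/jquery-ui-timepicker-addon.js');
 $this->scripts->addFile('menu_resizer.js');
-
-// Cross-framing protection
-// At this point browser settings are not merged
-// this is good that we only use file configuration for this protection
-if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) {
-$this->scripts->addFile('cross_framing_protection.js');
-}
-
-// Here would not be a good place to add CodeMirror because
-// the user preferences have not been merged at this point
-
+$this->scripts->addFile('cross_framing_protection.js');
 $this->scripts->addFile('messages.php', ['l' => $GLOBALS['lang']]);
 $this->scripts->addFile('config.js');
 $this->scripts->addFile('doclinks.js');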
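Review bot: The guarantee that only file configuration decides this protection is no longer stated anywhere once the comment on old lines 145–146 is removed along with the `AllowThirdPartyFraming === false` gate. The decision now moves to the browser, and whether the `allow_third_party_framing` template variable is still fed from file configuration alone cannot be seen from this hunk. It is worth confirming, and recording above new line 143, for example `// Always loaded; the script reads window.allowThirdPartyFraming, which must come from file configuration only.` addDefaultScripts() begins and ends outside the hunk.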

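--- a/templates/header.twig
+++ b/templates/header.twig
@@ -4,7 +4,7 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <meta name="referrer" content="no-referrer">
-<meta name="robots" content="noindex,nofollow">
+<script>window.allowThirdPartyFraming = {{ allow_third_party_framing == 'sameorigin' ? '"sameorigin"' : (allow_third_party_framing ? '1' : '0') }};</script>
 <meta name="robots" content="noindex,nofollow">
 {% if not allow_third_party_framing -%}
 <style id="cfs-style">html{display: none;}</style>
 {%- endif %}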
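Review bot: New line 7 replaces `<meta name="robots" content="noindex,nofollow">` instead of being added beside it, which the commit title does not cover. Unless the same directive is sent another way (for example an `X-Robots-Tag` response header, not visible here), pages rendered from this template lose their noindex hint; restoring the meta line above the new `<script>` keeps the previous behaviour. The inline script also runs only if the page's Content-Security-Policy permits inline scripts. If it is blocked, the global stays undefined and cross_framing_protection.js takes the frame-busting path even on installations that allow framing, so a nonce on the tag or a `data-` attribute read by the script may be more robust.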
