Allow qr code iframe

Signed-off-by: Christian König <ckoenig@posteo.de>
2021-12-10 07:17:13 +01:00 · 2021-12-10 07:17:13 +01:00 · 2eff53b2bb
parent 8d6ce78c65
commit 2eff53b2bb
2 changed files with 8 additions and 4 deletions
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@ -93,8 +93,10 @@ $HTTP["url"] =~ "/teleporter\.php$" {
 }

 # allow API qr code iframe on settings page
-$HTTP["url"] =~ "/admin/settings\.php$" {
-    setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+$HTTP["url"] =~ "/api_token\.php$" {
+    $HTTP["referer"] =~ "/admin/settings\.php" {
+        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+    }
 }

 # Default expire header
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@ -101,8 +101,10 @@ $HTTP["url"] =~ "/teleporter\.php$" {
 }

 # allow API qr code iframe on settings page
-$HTTP["url"] =~ "/admin/settings\.php$" {
-    setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+$HTTP["url"] =~ "/api_token\.php$" {
+    $HTTP["referer"] =~ "/admin/settings\.php" {
+        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+    }
 }

 # Default expire header