do not set response header X-Frame-Options for S3 requests (#5838)
This change removes the X-Frame-Options header. It should not be set for S3 requests since it can break CORS. Fixes #5813
parent
9ebb72aa99
commit
5a16671f72
@ -648,7 +648,6 @@ func addSecurityHeaders(h http.Handler) http.Handler {
|
||||
func (s securityHeaderHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
header := w.Header()
|
||||
header.Set("X-XSS-Protection", "\"1; mode=block\"") // Prevents against XSS attacks
|
||||
header.Set("X-Frame-Options", "SAMEORIGIN") // Prevents against Clickjacking
|
||||
header.Set("Content-Security-Policy", "block-all-mixed-content") // prevent mixed (HTTP / HTTPS content)
|
||||
s.handler.ServeHTTP(w, r)
|
||||
}
|
||||
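Review bot: Dropping `X-Frame-Options` inside `securityHeaderHandler.ServeHTTP` removes it from every response this handler wraps, not only S3 API responses. If the same handler chain also serves a browser-facing UI (not visible in this hunk), those pages lose their clickjacking protection. Consider keeping the header on non-S3 routes, or sending `Content-Security-Policy: frame-ancestors 'self'` there instead. Separately, the retained line sets the value `"\"1; mode=block\""`, which puts literal double quotes on the wire, so browsers are unlikely to parse it as intended; it should read `header.Set("X-XSS-Protection", "1; mode=block")`. The body of `addSecurityHeaders` named in the hunk header lies outside the visible lines.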
|