覆盖HTTP标头的默认设置(X-FRAME-OPTIONS) [英] Override HTTP header's default settings (X-FRAME-OPTIONS)
问题描述
我正在使用Laravel的开发版本(4.1。*),并且有一个我不想要的新默认配置: X-Frame-Options:SAMEORIGIN
I'm working with the dev version of Laravel (4.1.*) and there is a new default configuration that I don't want : X-Frame-Options: SAMEORIGIN
暂时禁用它删除中的一行> Illuminate\Http\FrameGuard.php
For the moment I disable it by deleting one line in Illuminate\Http\FrameGuard.php
我正在寻找更好的解决方案。我试过了filtre.php文件:
I'm looking for a better solution. I've try in the filtre.php file :
App::after(function($request, $response) {
$response->header('X-Frame-Options', 'ALLOW-ALL');
});
但它只是添加了选项( X-Frame-Options:ALLOW- ALL,SAMEORIGIN
),而我需要覆盖。
But it just adds the option (X-Frame-Options:ALLOW-ALL, SAMEORIGIN
), whereas I need an override.
推荐答案
Laravel不提供任何配置禁用此功能。
Laravel doesn't provide any configuration to disable this functionality.
根据 Taylor Otwell ,绕过它的唯一方法是在开始文件中添加以下行:
According to Taylor Otwell, the only way to bypass it is by adding the following line into the start file:
App::forgetMiddleware('Illuminate\Http\FrameGuard');
肮脏的解决方案是评论有罪行:
The dirty solution is to comment the guilty line:
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
编辑(2014年1月29日):来自Taylor Otwell的新信息在GitHub上关于Laravel的下一个政策。
Edit (Jan 29th 2014): new info from Taylor Otwell on GitHub about next Laravel's policy.
默认情况下在4.2中删除它。应该在后过滤器中 - 将离开FrameGuard类,以便人们可以根据需要手动添加中间件。
Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.
这篇关于覆盖HTTP标头的默认设置(X-FRAME-OPTIONS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!