Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 21:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header.

Browse Source 
The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
This commit is contained in:
getvictor 2014-02-09 10:34:42 -06:00 committed by Rob Winch
parent 1172d44397
commit f02b77794f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
View File

@ -30,7 +30,7 @@ abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStr
log.debug("Supplied origin '"+allowFromOrigin+"'");
}
if (StringUtils.hasText(allowFromOrigin) && allowed(allowFromOrigin)) {
return "ALLOW-FROM " + allowFromOrigin;
return allowFromOrigin;
} else {
return "DENY";
}