aboutsummaryrefslogtreecommitdiff
path: root/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
diff options
context:
space:
mode:
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs')
-rw-r--r--MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs12
1 files changed, 9 insertions, 3 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
index c47332dbe..f9184f6d1 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
@@ -1,6 +1,5 @@
using MediaBrowser.Model.Logging;
using MediaBrowser.Server.Implementations.HttpServer.SocketSharp;
-using ServiceStack;
using ServiceStack.Web;
using System;
using System.Globalization;
@@ -13,10 +12,12 @@ namespace MediaBrowser.Server.Implementations.HttpServer
{
private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
private readonly ILogger _logger;
+ private readonly Func<bool> _denyIframeEmbedding;
- public ResponseFilter(ILogger logger)
+ public ResponseFilter(ILogger logger, Func<bool> denyIframeEmbedding)
{
_logger = logger;
+ _denyIframeEmbedding = denyIframeEmbedding;
}
/// <summary>
@@ -30,6 +31,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer
// Try to prevent compatibility view
res.AddHeader("X-UA-Compatible", "IE=Edge");
+ if (_denyIframeEmbedding())
+ {
+ res.AddHeader("X-Frame-Options", "DENY");
+ }
+
var exception = dto as Exception;
if (exception != null)
@@ -52,7 +58,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
if (hasOptions != null)
{
- //hasOptions.Options["Server"] = "Mono-HTTPAPI/1.1";
+ hasOptions.Options["Server"] = "Mono-HTTPAPI/1.1";
// Content length has to be explicitly set on on HttpListenerResponse or it won't be happy
string contentLength;
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-07 06:21:29 +0000