From 5eb0006588c8899f0b2ce7900f20e14acfeb977e Mon Sep 17 00:00:00 2001
From: Luke Pulverenti <luke.pulverenti@gmail.com>
Date: Sat, 13 Jun 2015 00:14:48 -0400
Subject: add xframe setting

---
 .../HttpServer/ResponseFilter.cs                               | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs')

diff --git a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
index 7490d62d6..f9184f6d1 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
@@ -12,10 +12,12 @@ namespace MediaBrowser.Server.Implementations.HttpServer
     {
         private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
         private readonly ILogger _logger;
+        private readonly Func<bool> _denyIframeEmbedding;
 
-        public ResponseFilter(ILogger logger)
+        public ResponseFilter(ILogger logger, Func<bool> denyIframeEmbedding)
         {
             _logger = logger;
+            _denyIframeEmbedding = denyIframeEmbedding;
         }
 
         /// <summary>
@@ -28,7 +30,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer
         {
             // Try to prevent compatibility view
             res.AddHeader("X-UA-Compatible", "IE=Edge");
-            res.AddHeader("X-Frame-Options", "DENY");
+
+            if (_denyIframeEmbedding())
+            {
+                res.AddHeader("X-Frame-Options", "DENY");
+            }
 
             var exception = dto as Exception;
 
-- 
cgit v1.2.3