Bug 15111: Change X-Frame-Options with SAMEORIGIN
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 13 Nov 2015 08:19:57 +0000 (08:19 +0000)
committer Kyle M Hall <kyle@bywatersolutions.com>
Mon, 14 Mar 2016 16:30:08 +0000 (16:30 +0000)
There are some places where frames are used, the greybox JS plugin for
instance.

We need either to allow them from Koha or replace this plugin.
The easiest for now is to switch the value from DENY to SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch applied, it will work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
C4/Output.pm

index 0527d65..0a0ae21 100644 (file)
@@ -269,7 +269,7 @@ sub output_with_http_headers {
         charset           => 'UTF-8',
         Pragma            => 'no-cache',
         'Cache-Control'   => $cache_policy,
-        'X-Frame-Options' => 'DENY',
+        'X-Frame-Options' => 'SAMEORIGIN',
     };
     $options->{expires} = 'now' if $extra_options->{force_no_caching};
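
Review bot: The changed 'X-Frame-Options' entry in the header hash of output_with_http_headers relaxes framing for every response built by this sub, while the commit message names only a few framed views (the greybox plugin, the MARC preview). Consider keeping 'DENY' as the default and selecting 'SAMEORIGIN' through an $extra_options key, the same way force_no_caching is read just below, so that only the pages that are actually framed opt in. SAMEORIGIN still blocks framing from other origins, but any same-origin page can then embed these views, so the wider scope deserves a short comment next to the value explaining why it is not DENY.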