
[#677] unset the X-Frame-Options when serving static files to allow files embedding

Gani Georgiev
2022-10-02 13:28:33 +03:00
parent b0db2399b8
commit a6cafd1ed7
13 changed files with 217 additions and 208 deletions


@@ -223,6 +223,11 @@ func (s *System) Serve(response http.ResponseWriter, fileKey string, name string
extContentType = ct
}
// clickjacking shouldn't be a concern when serving static files,
// so it safe to unset the global X-Frame-Options to allow files embedding
// (https://github.com/pocketbase/pocketbase/issues/677)
response.Header().Del("X-Frame-Options")
response.Header().Set("Content-Disposition", disposition+"; filename="+name)
response.Header().Set("Content-Type", extContentType)
response.Header().Set("Content-Length", strconv.FormatInt(r.Size(), 10))
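Review bot: The added `response.Header().Del("X-Frame-Options")` is unconditional, so the framing protection is dropped for every served file, including any whose content type a browser renders as an active document (for example `text/html` or `image/svg+xml`). The comment's claim that clickjacking is not a concern holds only if such types are never sent with an inline disposition. `Serve` begins outside this hunk, so how `disposition` is chosen is not visible here and should be confirmed. If uploaded files can be served inline with those types, the delete should apply only to the types meant for embedding, e.g. `if disposition == "inline" && extContentType != "text/html" && extContentType != "image/svg+xml" { response.Header().Del("X-Frame-Options") }`, or the comment should state the assumption explicitly. The comment also has a typo, "so it safe", which should read "so it is safe".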