$temp->add(new admin_setting_configcheckbox('loginhttps', get_string('loginhttps', 'admin'), get_string('configloginhttps', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiesecure', get_string('cookiesecure', 'admin'), get_string('configcookiesecure', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', get_string('cookiehttponly', 'admin'), get_string('configcookiehttponly', 'admin'), 0));
+ $temp->add(new admin_setting_configcheckbox('allowframembedding', get_string('allowframembedding', 'admin'), get_string('allowframembedding_help', 'admin'), 0));
$ADMIN->add('security', $temp);
$string['allowdeletes'] = 'Allow deletes';
$string['allowediplist'] = 'Allowed IP list';
$string['allowemailaddresses'] = 'Allowed email domains';
+$string['allowframembedding'] = 'Allow frame embedding';
+$string['allowframembedding_help'] = 'Allow embedding of this site in frames on external sites. Enabling of this feature is not recommended for security reasons.';
$string['allowobjectembed'] = 'Allow EMBED and OBJECT tags';
$string['allowrenames'] = 'Allow renames';
$string['allowthemechangeonurl'] = 'Allow theme changes in the URL';
* @param $cacheable Can this page be cached on back?
*/
function send_headers($contenttype, $cacheable = true) {
+ global $CFG;
+
@header('Content-Type: ' . $contenttype);
@header('Content-Script-Type: text/javascript');
@header('Content-Style-Type: text/css');
@header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
}
@header('Accept-Ranges: none');
+
+ if (empty($CFG->allowframembedding)) {
+ @header('X-Frame-Options: sameorigin');
+ }
}
/**
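Review bot: The new X-Frame-Options header at the end of send_headers() is sent through `@header(...)`, so if output has already started the call fails silently and the page is served frameable with nothing logged. A `headers_sent()` check that raises a developer notice before this block would make the failure visible. The header also covers only responses that pass through send_headers(); scripts that emit their own headers are not visible in this hunk and should be checked separately. The `empty($CFG->allowframembedding)` test fails safe when the setting is unset, which deserves a comment such as `// Deny cross-origin framing (clickjacking) unless the admin has explicitly allowed it.`, and the docblock should mention the header. Part of the function body (the branch closed by the `}` after the Last-Modified line) lies outside the hunk.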