[Rt-commit] rt branch, 4.0-trunk, updated. rt-4.0.0-408-g2ccd8bc
Alex Vandiver
alexmv at bestpractical.com
Fri May 20 13:19:20 EDT 2011
The branch, 4.0-trunk has been updated
via 2ccd8bcfad46718b9f2d4bd1c3d888b00a27c5c9 (commit)
from 53672e11810ab4a3cafa397ae9904e729645a35b (commit)
Summary of changes:
etc/RT_Config.pm.in | 6 +++---
lib/RT/Interface/Web/Handler.pm | 2 +-
share/html/Elements/Framekiller | 2 +-
t/web/clickjacking-preventions.t | 4 ++--
4 files changed, 7 insertions(+), 7 deletions(-)
- Log -----------------------------------------------------------------
commit 2ccd8bcfad46718b9f2d4bd1c3d888b00a27c5c9
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri May 20 13:16:23 2011 -0400
Swap the name of the framebusting option to have fewer double-negatives in the code
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index e937e04..1bbca11 100755
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -1693,15 +1693,15 @@ be allowed to run arbitrary Perl code on the server via scrips.
Set($DisallowExecuteCode, 0);
-=item C<$DisableFramebusting>
+=item C<$Framebusting>
-If set to a true value, framekiller javascript will be disabled and the
+If set to a false value, framekiller javascript will be disabled and the
X-Frame-Options: DENY header will be suppressed from all responses.
This disables RT's clickjacking protection.
=cut
-Set($DisableFramebusting, 0);
+Set($Framebusting, 1);
=back
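Review bot: The rename to `Set($Framebusting, 1);` leaves the old `$DisableFramebusting` name unread, and nothing in the POD shown here says so. A site config that still carries `Set($DisableFramebusting, 1);` would presumably be ignored without a warning, so the X-Frame-Options header and the framekiller come back on after upgrade. That is the safe direction, but an admin who embeds RT in a frame on purpose gets breakage with no pointer to the cause. I would add a sentence to the POD such as `This option replaces C<$DisableFramebusting>, which is no longer consulted; note the inverted sense.` and, if the old name ever shipped in a release, an upgrade note as well.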
diff --git a/lib/RT/Interface/Web/Handler.pm b/lib/RT/Interface/Web/Handler.pm
index f366c19..5e8caa0 100644
--- a/lib/RT/Interface/Web/Handler.pm
+++ b/lib/RT/Interface/Web/Handler.pm
@@ -273,7 +273,7 @@ sub _psgi_response_cb {
sub {
my $res = shift;
- unless ( RT->Config->Get('DisableFramebusting') ) {
+ if ( RT->Config->Get('Framebusting') ) {
# XXX TODO: Do we want to make the value of this header configurable?
Plack::Util::header_set($res->[1], 'X-Frame-Options' => 'DENY');
}
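Review bot: With the polarity swapped, `if ( RT->Config->Get('Framebusting') )` skips the X-Frame-Options header whenever the option comes back undefined, where the old `unless` form sent the header in that case. That needs the default from RT_Config.pm to be missing (for instance a stale config file next to newer lib code), which cannot be ruled out from this hunk, and a clickjacking defence should fail closed on a missing value: `my $fb = RT->Config->Get('Framebusting');` followed by `if ( !defined $fb || $fb ) {`. The same condition appears in share/html/Elements/Framekiller and wants the same treatment. The enclosing callback in _psgi_response_cb starts and ends outside the hunk.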
diff --git a/share/html/Elements/Framekiller b/share/html/Elements/Framekiller
index 7218829..b1b1bba 100644
--- a/share/html/Elements/Framekiller
+++ b/share/html/Elements/Framekiller
@@ -1,4 +1,4 @@
-% unless ( RT->Config->Get('DisableFramebusting') ) {
+% if ( RT->Config->Get('Framebusting') ) {
%# This is defeatable. The current best known implemention uses CSS to hide
%# the content and JS to re-show it, but that fails poorly for clients that
%# don't run JS.
diff --git a/t/web/clickjacking-preventions.t b/t/web/clickjacking-preventions.t
index b7eaf2f..dde8295 100644
--- a/t/web/clickjacking-preventions.t
+++ b/t/web/clickjacking-preventions.t
@@ -8,7 +8,7 @@ my ($url, $m);
# Enabled by default
{
- ok(!RT->Config->Get('DisableFramebusting'), "Framebusting enabled by default");
+ ok(RT->Config->Get('Framebusting'), "Framebusting enabled by default");
($url, $m) = RT::Test->started_ok;
$m->get_ok($url);
@@ -20,7 +20,7 @@ my ($url, $m);
# Disabled
{
- RT->Config->Set('DisableFramebusting', 1);
+ RT->Config->Set('Framebusting', 0);
($url, $m) = RT::Test->started_ok;
$m->get_ok($url);
-----------------------------------------------------------------------