
function _seckit_x_frame in Security Kit 6

Same name and namespace in other branches
  1. 7 seckit.module _seckit_x_frame()

Sends X-Frame-Options HTTP header.

X-Frame-Options controls whether the browser may render the page inside a frame. More information can be found in the initial article about it at http://blogs.msdn.com/ie/archive/2009/01/27/ie8-security-part-vii-clickj...

The implementation of X-Frame-Options is based on the specification draft available at http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01

1 call to _seckit_x_frame()
seckit_init in ./seckit.module
Implements hook_init().

File

./seckit.module, line 433
Allows administrators to improve security of the website.

Code

function _seckit_x_frame($setting) {
  switch ($setting) {
    case SECKIT_X_FRAME_SAMEORIGIN:
      // Set X-Frame-Options to SameOrigin.
      drupal_set_header('X-Frame-Options: SameOrigin');
      break;

    case SECKIT_X_FRAME_DENY:
      // Set X-Frame-Options to Deny.
      drupal_set_header('X-Frame-Options: Deny');
      break;

    case SECKIT_X_FRAME_ALLOW_FROM:
      // Set X-Frame-Options to Allow-From. The draft's syntax is
      // "ALLOW-FROM <origin>", with a space and no colon after the keyword.
      $options = _seckit_get_options();
      $value = $options['seckit_clickjacking']['x_frame_allow_from'];
      drupal_set_header("X-Frame-Options: Allow-From {$value}");
      break;

    case SECKIT_X_FRAME_DISABLE:
    default:
      // Do nothing.
      break;
  }
}
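
The Allow-From branch above places a configured value directly into the header, so that value should be checked before it is sent. The following is an added example, not Security Kit's own code: the function names `example_x_frame_value()` and `example_serialize_origin()`, the string mode names, and the fallback to SAMEORIGIN are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helpers, not part of seckit.module).
// Returns the X-Frame-Options value to send, or NULL for "send nothing".
function example_x_frame_value($mode, $allow_from = '') {
  switch (strtolower($mode)) {
    case 'deny':
      return 'DENY';
    case 'sameorigin':
      return 'SAMEORIGIN';
    case 'allow-from':
      $origin = example_serialize_origin($allow_from);
      // Design choice of this example: fall back to the stricter policy
      // rather than emit a malformed value.
      return $origin === NULL ? 'SAMEORIGIN' : "ALLOW-FROM {$origin}";
    default:
      return NULL;
  }
}

// Reduces a configured URI to scheme://host[:port], or NULL if unusable.
function example_serialize_origin($uri) {
  // Control characters and whitespace are rejected; CR/LF in particular
  // would let the configured value start a second header line.
  if (!is_string($uri) || preg_match('/[\x00-\x20\x7f]/', $uri)) {
    return NULL;
  }
  $parts = parse_url($uri);
  if ($parts === FALSE || empty($parts['scheme']) || empty($parts['host'])) {
    return NULL;
  }
  $scheme = strtolower($parts['scheme']);
  if (!in_array($scheme, array('http', 'https'), TRUE) || isset($parts['user'])) {
    return NULL;
  }
  $origin = $scheme . '://' . strtolower($parts['host']);
  return isset($parts['port']) ? $origin . ':' . $parts['port'] : $origin;
}

// Constructed sample settings, as an administrator might enter them.
$samples = array(
  array('deny', ''),
  array('allow-from', 'https://partner.example/embed?x=1'),
  array('allow-from', "https://partner.example\r\nSet-Cookie: a=b"),
  array('disable', ''),
);
foreach ($samples as $s) {
  $value = example_x_frame_value($s[0], $s[1]);
  echo $s[0], ' => ', $value === NULL ? '(no header)' : "X-Frame-Options: {$value}", "\n";
}
```

Current browsers do not honor ALLOW-FROM; the Content-Security-Policy `frame-ancestors` directive is the mechanism for allowing specific framing origins.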