Skip to content

Commit 6964186

Browse files
author
Dale Sikkema
committed
MAGETWO-16192: Security: Clickjacking solution - introduce X-Frame-Options
 - move DI config from global to store module
1 parent 9fa7896 commit 6964186

File tree

2 files changed

+8
-8
lines changed

2 files changed

+8
-8
lines changed

app/code/Magento/Store/etc/di.xml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,14 @@
99
<preference for="Magento\Framework\App\Request\PathInfoProcessorInterface" type="Magento\Store\App\Request\PathInfoProcessor" />
1010
<preference for="Magento\Store\Model\StoreManagerInterface" type="Magento\Store\Model\StoreManager" />
1111
<preference for="Magento\Framework\App\Response\RedirectInterface" type="Magento\Store\App\Response\Redirect" />
12+
<type name="Magento\Framework\App\Response\Http">
13+
<plugin name="xFrameOptionsHeader" type="Magento\Framework\App\Response\XFrameOptPlugin"/>
14+
</type>
15+
<type name="Magento\Framework\App\Response\XFrameOptPlugin">
16+
<arguments>
17+
<argument name="xFrameOpt" xsi:type="init_parameter">Magento\Framework\App\Response\XFrameOptPlugin::DEPLOYMENT_CONFIG_X_FRAME_OPT</argument>
18+
</arguments>
19+
</type>
1220
<type name="Magento\Framework\App\Config\ScopePool">
1321
<arguments>
1422
<argument name="readerPool" xsi:type="object">Magento\Store\Model\Config\Reader\ReaderPool\Proxy</argument>

app/etc/di.xml

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -136,14 +136,6 @@
136136
<preference for="Magento\Framework\Api\ImageContentValidatorInterface" type="Magento\Framework\Api\ImageContentValidator" />
137137
<preference for="Magento\Framework\Api\ImageProcessorInterface" type="Magento\Framework\Api\ImageProcessor" />
138138
<preference for="Magento\Framework\Code\Reader\ClassReaderInterface" type="Magento\Framework\Code\Reader\ClassReader" />
139-
<type name="Magento\Framework\App\Response\Http">
140-
<plugin name="xFrameOptionsHeader" type="Magento\Framework\App\Response\XFrameOptPlugin"/>
141-
</type>
142-
<type name="Magento\Framework\App\Response\XFrameOptPlugin">
143-
<arguments>
144-
<argument name="xFrameOpt" xsi:type="init_parameter">Magento\Framework\App\Response\XFrameOptPlugin::DEPLOYMENT_CONFIG_X_FRAME_OPT</argument>
145-
</arguments>
146-
</type>
147139
<type name="Magento\Framework\Model\Resource\Db\TransactionManager" shared="false" />
148140
<type name="Magento\Framework\Logger\Handler\Base">
149141
<arguments>

0 commit comments

Comments
 (0)