laravel 覆盖 HTTP 标头的默认设置 (X-FRAME-OPTIONS)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20293116/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Override HTTP header's default settings (X-FRAME-OPTIONS)
提问by Fractaliste
I'm working with the dev version of Laravel (4.1.*) and there is a new default configuration that I don't want : X-Frame-Options: SAMEORIGIN
我正在使用 Laravel (4.1.*) 的开发版本,并且有一个我不想要的新默认配置: X-Frame-Options: SAMEORIGIN
For the moment I disable it by deleting one line in Illuminate\Http\FrameGuard.php
目前我通过删除一行来禁用它Illuminate\Http\FrameGuard.php
I'm looking for a better solution. I've try in the filtre.php file :
我正在寻找更好的解决方案。我在 filtre.php 文件中尝试过:
App::after(function($request, $response) {
$response->header('X-Frame-Options', 'ALLOW-ALL');
});
But it just adds the option (X-Frame-Options:ALLOW-ALL, SAMEORIGIN), whereas I need an override.
但它只是添加了选项 ( X-Frame-Options:ALLOW-ALL, SAMEORIGIN),而我需要一个覆盖。
回答by Fractaliste
Laravel doesn't provide any configuration to disable this functionality.
Laravel 不提供任何配置来禁用此功能。
According to Taylor Otwell, the only way to bypass it is by adding the following line into the start file:
根据Taylor Otwell的说法,绕过它的唯一方法是将以下行添加到启动文件中:
App::forgetMiddleware('Illuminate\Http\FrameGuard');
The dirty solution is to comment the guilty line:
肮脏的解决方案是评论有罪的行:
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
Edit (Jan 29th 2014): new info from Taylor Otwell on GitHubabout next Laravel's policy.
编辑(2014 年 1 月 29 日):Taylor Otwell在 GitHub 上关于下一个 Laravel 政策的新信息。
Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.
在 4.2 中默认删除它。应该在后过滤器中 - 将离开 FrameGuard 类,以便人们可以根据需要手动添加中间件。
