RisingOpsNinja
commented
1 month ago Issue is no longer reproducible with Freescout version 1.8.152 / docker image php8.2-1.17.84
Closed RisingOpsNinja closed 1 month ago
RisingOpsNinja
commented
1 month ago Issue is no longer reproducible with Freescout version 1.8.152 / docker image php8.2-1.17.84
Convert the value of APP_X_FRAME_OPTIONS to lower case, because Freescout only accepts
trueandfalsein lower case, but in README.md it is document as upper case (TRUEorFALSE).https://github.com/freescout-help-desk/freescout/blob/master/app/Http/Middleware/FrameGuard.php#L16
All other values like ALLOW, DENY and ALLOW-FROM (deprecated by most browsers) will also be converted to lower case, but are not case-sensitive in modern browsers and will still work:
Chromium: https://github.com/chromium/chromium/blob/master/services/network/public/cpp/x_frame_options_parser.cc#L30
Firefox: https://github.com/mozilla/gecko-dev/blob/master/dom/security/FramingChecker.cpp#L165
WebKit https://github.com/WebKit/WebKit/blob/main/Source/WebCore/platform/network/HTTPParsers.cpp#L568