_navTrail;
private AppBar _appBar;
- private FrameOption _frameOption = FrameOption.ALLOW;
private boolean _trackingScript = true;
private String _canonicalLink = null;
private boolean _includePostParameters = false;
@@ -505,21 +504,6 @@ public HtmlString getMetaTags(URLHelper url)
return sb.getHtmlString();
}
- public enum FrameOption
- {
- ALLOW, SAMEORIGIN, DENY
- }
-
- public void setFrameOption(FrameOption option)
- {
- _frameOption = option;
- }
-
- public FrameOption getFrameOption()
- {
- return null==_frameOption?FrameOption.ALLOW:_frameOption;
- }
-
public void setAllowTrackingScript(TrueFalse opt)
{
_trackingScript = opt != TrueFalse.False;
diff --git a/api/src/org/labkey/filters/ContentSecurityPolicyFilter.java b/api/src/org/labkey/filters/ContentSecurityPolicyFilter.java
index 0ed280795d3..eb15a39931f 100644
--- a/api/src/org/labkey/filters/ContentSecurityPolicyFilter.java
+++ b/api/src/org/labkey/filters/ContentSecurityPolicyFilter.java
@@ -89,7 +89,7 @@ public class ContentSecurityPolicyFilter implements Filter
// This is effectively @NotNull since it's set to non-null values in init() and never changed
private String _stashedTemplate = null;
- // We can't set this statically because the class is referenced before URLProviders are available
+ // We can't set this statically because this class is referenced before URLProviders are available
private final String _reportingEndpointsHeaderValue = "csp-report=\"" + PageFlowUtil.urlProvider(AdminUrls.class).getCspReportToURL().getLocalURIString() + "\"";
// Initialized on first request and reset when allowed sources change. Don't reference this directly; always use
@@ -203,6 +203,8 @@ private void extractCspVersion(String s)
}
}
+ private static final String X_FRAME_OPTIONS_HEADER_NAME = "X-Frame-Options";
+
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
diff --git a/core/src/org/labkey/core/CoreModule.java b/core/src/org/labkey/core/CoreModule.java
index 657a3dd5640..301b9f43ccf 100644
--- a/core/src/org/labkey/core/CoreModule.java
+++ b/core/src/org/labkey/core/CoreModule.java
@@ -542,8 +542,6 @@ public QuerySchema createSchema(DefaultSchema schema, Module module)
"search to find the other select values.", false, true);
OptionalFeatureService.get().addFeatureFlag(new OptionalFeatureFlag(SQLFragment.FEATUREFLAG_DISABLE_STRICT_CHECKS, "Disable SQLFragment strict checks",
"Disables strict SQL generation safeguards in SQLFragment.appendIdentifier and QueryPivot value emission", false, true, FeatureType.Deprecated));
- OptionalFeatureService.get().addExperimentalFeatureFlag(LoginController.FEATUREFLAG_DISABLE_LOGIN_XFRAME, "Disable Login X-FRAME-OPTIONS=DENY",
- "By default LabKey disables all framing of login related actions. Disabling this feature will revert to using the standard site settings.", false, true);
OptionalFeatureService.get().addExperimentalFeatureFlag(PageTemplate.EXPERIMENTAL_SHORT_CIRCUIT_ROBOTS,
"Short-circuit robots",
"Save resources by not rendering pages marked as 'noindex' for robots. This is experimental as not all robots are search engines.",
diff --git a/core/src/org/labkey/core/admin/AdminController.java b/core/src/org/labkey/core/admin/AdminController.java
index 7a33498ef8f..91da0c6172f 100644
--- a/core/src/org/labkey/core/admin/AdminController.java
+++ b/core/src/org/labkey/core/admin/AdminController.java
@@ -1471,13 +1471,6 @@ public boolean handlePost(SiteSettingsForm form, BindException errors) throws Ex
}
}
- String frameOption = StringUtils.trimToEmpty(form.getXFrameOption());
- if (!frameOption.equals("DENY") && !frameOption.equals("SAMEORIGIN") && !frameOption.equals("ALLOW"))
- {
- errors.reject(ERROR_MSG, "XFrameOption must equal DENY, or SAMEORIGIN, or ALLOW");
- return false;
- }
- props.setXFrameOption(frameOption);
props.setIncludeServerHttpHeader(form.isIncludeServerHttpHeader());
props.setTermsOfUseFrequencySeconds(form.getTermsOfUseFrequencySeconds());
@@ -2402,7 +2395,6 @@ public static class SiteSettingsForm
private boolean _allowSessionKeys;
private boolean _navAccessOpen;
- private String _XFrameOption;
private boolean _includeServerHttpHeader;
private int _termsOfUseFrequencySeconds;
@@ -2616,16 +2608,6 @@ public void setAllowSessionKeys(boolean allowSessionKeys)
_allowSessionKeys = allowSessionKeys;
}
- public String getXFrameOption()
- {
- return _XFrameOption;
- }
-
- public void setXFrameOption(String XFrameOption)
- {
- _XFrameOption = XFrameOption;
- }
-
public boolean isIncludeServerHttpHeader()
{
return _includeServerHttpHeader;
diff --git a/core/src/org/labkey/core/admin/customizeSite.jsp b/core/src/org/labkey/core/admin/customizeSite.jsp
index d5cb0450bd2..8bc659eb5ac 100644
--- a/core/src/org/labkey/core/admin/customizeSite.jsp
+++ b/core/src/org/labkey/core/admin/customizeSite.jsp
@@ -321,7 +321,7 @@ Click the Save button at any time to accept the current settings and continue.
- | Configure Security (<%=bean.getSiteSettingsHelpLink("security")%>) |
+ Security settings (<%=bean.getSiteSettingsHelpLink("security")%>) |
|
@@ -332,10 +332,14 @@ Click the Save button at any time to accept the current settings and continue.
|
|
-
+
+ |
+ |
+
| |
+
| Configure API Keys (<%=bean.getSiteSettingsHelpLink("apiKey")%>) |
@@ -376,10 +380,10 @@ Click the Save button at any time to accept the current settings and continue.
|
|
-
| |
+
| Customize terms-of-use frequency (<%=bean.getSiteSettingsHelpLink("terms")%>) |
@@ -411,10 +415,10 @@ Click the Save button at any time to accept the current settings and continue.
%>
-
| |
+
| Configure pipeline settings (<%=bean.getSiteSettingsHelpLink("pipeline")%>) |
@@ -444,7 +448,7 @@ Click the Save button at any time to accept the current settings and continue.
|
- | Put web site in administrative mode (<%=bean.getSiteSettingsHelpLink("adminonly")%>) |
+ Put website in administrative mode (<%=bean.getSiteSettingsHelpLink("adminonly")%>) |
|
@@ -455,30 +459,10 @@ Click the Save button at any time to accept the current settings and continue.
|
|
-
-
- | |
-
-
- | HTTP security settings (<%=bean.getSiteSettingsHelpLink("http")%>) |
-
- |
-
- |
- |
-
- |
-
- |
- |
-
| |
+
| Customize navigation options (<%=bean.getSiteSettingsHelpLink("nav")%>) |
diff --git a/core/src/org/labkey/core/login/LoginController.java b/core/src/org/labkey/core/login/LoginController.java
index d0e4e6ba04f..2a0d3ac1adc 100644
--- a/core/src/org/labkey/core/login/LoginController.java
+++ b/core/src/org/labkey/core/login/LoginController.java
@@ -148,7 +148,6 @@
public class LoginController extends SpringActionController
{
- public static final String FEATUREFLAG_DISABLE_LOGIN_XFRAME = "disable-login-xframe-options";
private static final Logger _log = LogHelper.getLogger(LoginController.class, "User registration and authentication failures");
private static final ActionResolver _actionResolver = new DefaultActionResolver(LoginController.class);
@@ -157,15 +156,6 @@ public LoginController()
setActionResolver(_actionResolver);
}
- @Override
- public PageConfig defaultPageConfig()
- {
- PageConfig ret = super.defaultPageConfig();
- if (!AppProps.getInstance().isOptionalFeatureEnabled(FEATUREFLAG_DISABLE_LOGIN_XFRAME))
- ret.setFrameOption(PageConfig.FrameOption.DENY);
- return ret;
- }
-
@Override
protected void beforeAction(Controller action)
{
diff --git a/core/src/org/labkey/core/user/UserController.java b/core/src/org/labkey/core/user/UserController.java
index f54e65ac4c4..644bc6cb4e2 100644
--- a/core/src/org/labkey/core/user/UserController.java
+++ b/core/src/org/labkey/core/user/UserController.java
@@ -187,15 +187,6 @@ public UserController()
setActionResolver(_actionResolver);
}
- @Override
- public PageConfig defaultPageConfig()
- {
- PageConfig ret = super.defaultPageConfig();
- if (!AppProps.getInstance().isOptionalFeatureEnabled(LoginController.FEATUREFLAG_DISABLE_LOGIN_XFRAME))
- ret.setFrameOption(PageConfig.FrameOption.DENY);
- return ret;
- }
-
public static class UserUrlsImpl implements UserUrls
{
@Override
diff --git a/core/src/org/labkey/core/view/template/bootstrap/pageTemplate.jsp b/core/src/org/labkey/core/view/template/bootstrap/pageTemplate.jsp
index 37a7bef2f4b..ca4682c3b99 100644
--- a/core/src/org/labkey/core/view/template/bootstrap/pageTemplate.jsp
+++ b/core/src/org/labkey/core/view/template/bootstrap/pageTemplate.jsp
@@ -35,9 +35,6 @@
ActionURL url = getActionURL();
ViewContext context = getViewContext();
- if (model.getFrameOption() != PageConfig.FrameOption.ALLOW)
- response.setHeader("X-FRAME-OPTIONS", model.getFrameOption().name());
-
boolean isExplicitNoIndex = null != url && "1".equals(url.getParameter(ActionURL.Param._noindex.name()));
if (isExplicitNoIndex)
model.setRobotsNone();