问题
I'm working with the dev version of Laravel (4.1.*) and there is a new default configuration that I don't want : X-Frame-Options: SAMEORIGIN
For the moment I disable it by deleting one line in Illuminate\Http\FrameGuard.php
I'm looking for a better solution. I've try in the filtre.php file :
App::after(function($request, $response) {
$response->header('X-Frame-Options', 'ALLOW-ALL');
});
But it just adds the option (X-Frame-Options:ALLOW-ALL, SAMEORIGIN), whereas I need an override.
回答1:
Laravel doesn't provide any configuration to disable this functionality.
According to Taylor Otwell, the only way to bypass it is by adding the following line into the start file:
App::forgetMiddleware('Illuminate\Http\FrameGuard');
The dirty solution is to comment the guilty line:
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
Edit (Jan 29th 2014): new info from Taylor Otwell on GitHub about next Laravel's policy.
Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.
回答2:
The third parameter of the header method should serve your needs.
来源:https://stackoverflow.com/questions/20293116/override-http-headers-default-settings-x-frame-options