dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Respect $wgApiFrameOptions in formatted API output mode
[lhc/web/wiklou.git] / includes / api / ApiFormatBase.php
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index f0037bb..62705ef 100644 (file)
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -178,6 +178,9 @@ abstract class ApiFormatBase extends ApiBase {
                                );
                        }
 
+                       // API handles its own clickjacking protection.
+                       // Note, that $wgBreakFrames will still override $wgApiFrameOptions for format mode.
+                       $out->allowClickJacking();
                        $out->output();
                } else {
                        // For non-HTML output, clear all errors that might have been
Wiklou, le Wiki du Wiklou