This restores the pre-
d25cb992 behaviour. Apparently UploadWizard's
flickr module relies on this (Which seems rather wrong, but
regardless I still think api handling of $wgApiFrameOptions should
extend to the "fm" modes.)
Note: If $wgBreakFrames is true, then frames will still be broken.
Although this is a change from prior behaviour, it makes sense
to me that $wgBreakFrames would not allow the human readable output
of the API be frammed.
Bug: 72340
Change-Id: Ia61a4698f7044acfcd7339207590d9333f4100cb
* - 'DENY': Do not allow framing. This is recommended for most wikis.
* - 'SAMEORIGIN': Allow framing by pages on the same domain.
* - false: Allow all framing.
+ * Note: $wgBreakFrames will override this for human formatted API output.
*/
$wgApiFrameOptions = 'DENY';
);
}
+ // API handles its own clickjacking protection.
+ // Note, that $wgBreakFrames will still override $wgApiFrameOptions for format mode.
+ $out->allowClickJacking();
$out->output();
} else {
// For non-HTML output, clear all errors that might have been