[Bug] Use same origin as header default (#900)

alexjustesen · web-flow · commit ec5626fc2d33 · 2023-11-11T23:29:30.000-05:00
diff --git a/app/Http/Middleware/FrameAllowOptions.php b/app/Http/Middleware/FrameAllowOptions.php
@@ -17,9 +17,7 @@ public function handle(Request $request, Closure $next): Response
     {
         $response = $next($request);
 
-        if (! blank(config('speedtest.allow_embeds'))) {
-            $response->header('X-Frame-Options', 'ALLOW-FROM '.config('speedtest.allow_embeds'));
-        }
+        $response->header('X-Frame-Options', 'ALLOW-FROM '.config('speedtest.allow_embeds'));
 
         return $response;
     }
diff --git a/config/speedtest.php b/config/speedtest.php
@@ -27,5 +27,5 @@
     /**
      * Security
      */
-    'allow_embeds' => env('ALLOW_EMBEDS', null),
+    'allow_embeds' => env('ALLOW_EMBEDS', 'SAMEORIGIN'),
 ];

Original file line number	Diff line number	Diff line change
`@@ -17,9 +17,7 @@ public function handle(Request $request, Closure $next): Response`
`17`	`17`	`{`
`18`	`18`	`$response = $next($request);`
`19`	`19`
`20`		`- if (! blank(config('speedtest.allow_embeds'))) {`
`21`		`- $response->header('X-Frame-Options', 'ALLOW-FROM '.config('speedtest.allow_embeds'));`
`22`		`- }`
	`20`	`+ $response->header('X-Frame-Options', 'ALLOW-FROM '.config('speedtest.allow_embeds'));`
`23`	`21`
`24`	`22`	`return $response;`
`25`	`23`	`}`