Add option to control WebUI clickjacking protection

Some users actually want embedding WebUI into their custom build iframe. Closes #7370.
2025-07-07 05:31:25 -07:00 · 2018-05-21 23:33:44 +08:00 · 2018-05-21 23:33:44 +08:00 · bad4d94f77
commit bad4d94f77
parent e8a69dd60c
8 changed files with 52 additions and 3 deletions
--- a/src/webui/api/appcontroller.cpp
+++ b/src/webui/api/appcontroller.cpp
@ -205,6 +205,8 @@ void AppController::preferencesAction()
    for (const Utils::Net::Subnet &subnet : copyAsConst(pref->getWebUiAuthSubnetWhitelist()))
        authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
    data["bypass_auth_subnet_whitelist"] = authSubnetWhitelistStringList.join("\n");
+    // Security
+    data["web_ui_clickjacking_protection_enabled"] = pref->isWebUiClickjackingProtectionEnabled();
    // Update my dynamic domain name
    data["dyndns_enabled"] = pref->isDynDNSEnabled();
    data["dyndns_service"] = pref->getDynDNSService();
@ -479,6 +481,9 @@ void AppController::setPreferencesAction()
        // recognize new lines and commas as delimiters
        pref->setWebUiAuthSubnetWhitelist(m["bypass_auth_subnet_whitelist"].toString().split(QRegularExpression("\n|,"), QString::SkipEmptyParts));
    }
+    // Security
+    if (m.contains("web_ui_clickjacking_protection_enabled"))
+        pref->setWebUiClickjackingProtectionEnabled(m["web_ui_clickjacking_protection_enabled"].toBool());
    // Update my dynamic domain name
    if (m.contains("dyndns_enabled"))
        pref->setDynDNSEnabled(m["dyndns_enabled"].toBool());