001/* 002 * Stallion Core: A Modern Web Framework 003 * 004 * Copyright (C) 2015 - 2016 Stallion Software LLC. 005 * 006 * This program is free software: you can redistribute it and/or modify it under the terms of the 007 * GNU General Public License as published by the Free Software Foundation, either version 2 of 008 * the License, or (at your option) any later version. This program is distributed in the hope that 009 * it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of 010 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 011 * License for more details. You should have received a copy of the GNU General Public License 012 * along with this program. If not, see <http://www.gnu.org/licenses/gpl-2.0.html>. 013 * 014 * 015 * 016 */ 017 018package io.stallion.requests; 019 020import io.stallion.settings.Settings; 021 022import static io.stallion.utils.Literals.*; 023import static io.stallion.Context.*; 024 025 026public class XFrameOptionsHandler { 027 public static void handle(IRequest request, StResponse response) { 028 if (!empty(response.getHeader("X-Frame-Options"))) { 029 return; 030 } 031 if (request.getItems().containsKey("!!stallion-skip-xframe-options")) { 032 return; 033 } 034 String options = Settings.instance().getxFrameOptions(); 035 if (empty(options)) { 036 return; 037 } 038 response.addHeader("X-Frame-Options", options); 039 } 040}