Support SameOrigin

diff --git a/plugins/frames.php b/plugins/frames.php
index 086e05454008100d949b3ddc18efccc630084787..8cbebd9dcfc29553ab1d9f3561abe3cf4e839118 100644 (file)
--- a/plugins/frames.php
+++ b/plugins/frames.php
@@ -1,14 +1,26 @@
 <?php
 
-/** Allow using Adminer inside a frame
+/** Allow using Adminer inside a frame (disables ClickJacking protection)
 * @author Jakub Vrana, http://www.vrana.cz/
 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
 */
 class AdminerFrames {
+       var $sameOrigin;
+       
+       /**
+       * @param bool allow running from the same origin only
+       */
+       function AdminerFrames($sameOrigin = false) {
+               $this->sameOrigin = $sameOrigin;
+       }
        
        function headers() {
+               if ($this->sameOrigin) {
+                       header("X-Frame-Options: SameOrigin");
+               }
                header("X-XSS-Protection: 0");
+               return true;
        }
        
 }