github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurício Meneghini Fauth <mauricio@fauth.dev>2022-06-26 19:31:49 +0300
committerMaurício Meneghini Fauth <mauricio@fauth.dev>2022-06-26 19:31:49 +0300
commit78b2c1f4eb6d8ecb3f55e33576a6e75cdae4ac96 (patch)
treea0b27062de5eaa51692c298d23dd6daee2bb8818
parent0842d9529c18e5fedc6b1969769ae2ea7ab0b8a9 (diff)
Extract function from cross_framing_protection.js
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
-rw-r--r--js/src/cross_framing_protection.js31
-rw-r--r--libraries/classes/Header.php12
-rw-r--r--templates/header.twig2
3 files changed, 23 insertions, 22 deletions
diff --git a/js/src/cross_framing_protection.js b/js/src/cross_framing_protection.js
index 2f94fe5337..e25e60ab51 100644
--- a/js/src/cross_framing_protection.js
+++ b/js/src/cross_framing_protection.js
@@ -1,13 +1,24 @@
/**
- * Conditionally included if framing is not allowed
+ * Conditionally included if framing is not allowed.
+ * @return {void}
*/
-if (self === top) {
- var styleElement = document.getElementById('cfs-style');
- // check if styleElement has already been removed
- // to avoid frequently reported js error
- if (typeof(styleElement) !== 'undefined' && styleElement !== null) {
- styleElement.parentNode.removeChild(styleElement);
+const crossFramingProtection = () => {
+ if (window.allowThirdPartyFraming) {
+ return;
}
-} else {
- top.location = self.location;
-}
+
+ if (window.self !== window.top) {
+ window.top.location = window.self.location;
+ return;
+ }
+
+ const styleElement = document.getElementById('cfs-style');
+ // check if styleElement has already been removed to avoid frequently reported js error
+ if (typeof (styleElement) === 'undefined' || styleElement === null) {
+ return;
+ }
+
+ styleElement.parentNode.removeChild(styleElement);
+};
+
+crossFramingProtection();
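Review bot: The early return on `if (window.allowThirdPartyFraming)` switches the frame check off for any truthy value of a page-global property, not only the two values the header template writes. Browsers also expose elements with a matching `id` or `name` as `window` properties, so the opt-out is safer as a strict comparison against the expected values: `if (window.allowThirdPartyFraming === 1 || window.allowThirdPartyFraming === 'sameorigin') {`. An undefined value then still falls through to the protection, which keeps the fail-closed behaviour. The `'sameorigin'` branch does no origin check in script, so it presumably relies on a response header set elsewhere; a one-line comment saying so would help. The docblock's "Conditionally included if framing is not allowed." is also stale, because the Header.php hunk in this commit now adds the file unconditionally.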
diff --git a/libraries/classes/Header.php b/libraries/classes/Header.php
index afc6f03f63..48edfe469e 100644
--- a/libraries/classes/Header.php
+++ b/libraries/classes/Header.php
@@ -140,17 +140,7 @@ class Header
$this->scripts->addFile('vendor/jquery/jquery.validate.js');
$this->scripts->addFile('vendor/jquery/jquery-ui-timepicker-addon.js');
$this->scripts->addFile('menu_resizer.js');
-
- // Cross-framing protection
- // At this point browser settings are not merged
- // this is good that we only use file configuration for this protection
- if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) {
- $this->scripts->addFile('cross_framing_protection.js');
- }
-
- // Here would not be a good place to add CodeMirror because
- // the user preferences have not been merged at this point
-
+ $this->scripts->addFile('cross_framing_protection.js');
$this->scripts->addFile('messages.php', ['l' => $GLOBALS['lang']]);
$this->scripts->addFile('config.js');
$this->scripts->addFile('doclinks.js');
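Review bot: The deleted comment recorded a security-relevant invariant, that the cross-framing decision is taken from file configuration only, before user preferences are merged. The unconditional `addFile('cross_framing_protection.js')` leaves no trace of where that decision now lives. I would add a comment above the new line such as `// Cross-framing protection: always loaded; the script returns early when window.allowThirdPartyFraming (set in header.twig) allows framing.` It is also worth confirming that the `allow_third_party_framing` template variable is still fed from file configuration rather than merged user settings, since its source is not visible in this diff. The enclosing method starts and ends outside the hunk.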
diff --git a/templates/header.twig b/templates/header.twig
index 963d5f0044..6b21a5ca0b 100644
--- a/templates/header.twig
+++ b/templates/header.twig
@@ -4,7 +4,7 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="referrer" content="no-referrer">
- <meta name="robots" content="noindex,nofollow">
+ <script>window.allowThirdPartyFraming = {{ allow_third_party_framing == 'sameorigin' ? '"sameorigin"' : (allow_third_party_framing ? '1' : '0') }};</script>
{% if not allow_third_party_framing -%}
<style id="cfs-style">html{display: none;}</style>
{%- endif %}
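Review bot: The `<meta name="robots" content="noindex,nofollow">` line is removed here although the commit is described as extracting a function. Unless the directive is re-emitted elsewhere in the template or sent as a response header (neither is visible in this diff), pages of the admin interface lose their no-index hint; I would keep that line and put the new `<script>` line after it. Separately, `allow_third_party_framing == 'sameorigin'` is a loose comparison, so a boolean `true` would likely match as well and be written out as `"sameorigin"`; `allow_third_party_framing is same as('sameorigin')` avoids that. The script currently reads only truthiness, so the second point changes nothing until code distinguishes the two values.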