From e77aa36e709c6bfc23f2aa316c1102eadec7f384 Mon Sep 17 00:00:00 2001 From: Jonathan Hodgson Date: Mon, 11 Jan 2021 12:07:07 +0000 Subject: [PATCH] Makes detection of x-frame-options value case insensitive In other words, sameorigin == SAMEORIGIN == saMeOriGIN This is in line with the spec for the header: https://tools.ietf.org/html/rfc7034 --- bin/.bin/webtest/analyse-headers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/.bin/webtest/analyse-headers b/bin/.bin/webtest/analyse-headers index 780f7e86..d8b0a031 100755 --- a/bin/.bin/webtest/analyse-headers +++ b/bin/.bin/webtest/analyse-headers @@ -118,7 +118,7 @@ of old browsers\n\n" test_x-frame-options(){ local value - value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" + value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace | tr '[:lower:]' '[:upper:]')" case "$value" in "SAMEORIGIN"|"DENY") return 0 ;; "ALLOW-FROM"*)
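Review bot: On the changed `value=` line, `cut -d ':' -f 2` keeps only the text between the first and second colon, so a header like the constructed example `X-Frame-Options: ALLOW-FROM https://example.com` reaches the `case` as `ALLOW-FROM https`. The new `tr` then upper-cases whatever is left. The `"ALLOW-FROM"*` prefix match still succeeds, but that branch continues outside this hunk, and if it checks or reports the origin it will be working with a truncated, case-folded value. I would keep the full value with `value="$(printf '%s\n' "$1" | cut -d ':' -f 2- | trimWhitespace)"` and fold case only for the comparison, `case "$(printf '%s' "$value" | tr '[:lower:]' '[:upper:]')" in`. A short comment above the `case` noting that RFC 7034 defines the directive names as case-insensitive would record why the fold is there.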