diff --git a/app/code/Magento/Backend/etc/adminhtml/di.xml b/app/code/Magento/Backend/etc/adminhtml/di.xml
index 5a391cbd84f324f8ec1d198800b9eeef33c224ec..970b081a15afac55001d2a29a789ae9c9b1e8cfd 100644
--- a/app/code/Magento/Backend/etc/adminhtml/di.xml
+++ b/app/code/Magento/Backend/etc/adminhtml/di.xml
@@ -127,9 +127,9 @@
 </argument>
 </arguments>
 </type>
- <type name="Magento\Framework\App\Response\XFrameOptPlugin">
+ <type name="Magento\Framework\App\Response\Header\XFrameOptions">
 <arguments>
- <argument name="xFrameOpt" xsi:type="const">Magento\Framework\App\Response\XFrameOptPlugin::BACKEND_X_FRAME_OPT</argument>
+ <argument name="xFrameOpt" xsi:type="const">Magento\Framework\App\Response\Header\XFrameOptions::BACKEND_X_FRAME_OPT</argument>
 </arguments>
 </type>
 <preference for="Magento\Framework\App\Router\PathConfigInterface" type="Magento\Backend\Model\AdminPathConfig" />
diff --git a/app/code/Magento/Store/etc/di.xml b/app/code/Magento/Store/etc/di.xml
index e0371cb29ff30eee72ff1a45082ae0c5febbf865..44fc0bef82eba9f5df50afe7e7f6122a677875e6 100644
--- a/app/code/Magento/Store/etc/di.xml
+++ b/app/code/Magento/Store/etc/di.xml
@@ -22,11 +22,11 @@
 <preference for="Magento\Store\Api\StoreManagementInterface" type="Magento\Store\Model\StoreManagement"/>
 <preference for="Magento\Store\Api\WebsiteManagementInterface" type="Magento\Store\Model\WebsiteManagement"/>
 <type name="Magento\Framework\App\Response\Http">
- <plugin name="xFrameOptionsHeader" type="Magento\Framework\App\Response\XFrameOptPlugin"/>
+ <plugin name="genericHeaderPlugin" type="Magento\Framework\App\Response\HeaderManager"/>
 </type>
- <type name="Magento\Framework\App\Response\XFrameOptPlugin">
+ <type name="Magento\Framework\App\Response\Header\XFrameOptions">
 <arguments>
- <argument name="xFrameOpt" xsi:type="init_parameter">Magento\Framework\App\Response\XFrameOptPlugin::DEPLOYMENT_CONFIG_X_FRAME_OPT</argument>
+ <argument name="xFrameOpt" xsi:type="init_parameter">Magento\Framework\App\Response\Header\XFrameOptions::DEPLOYMENT_CONFIG_X_FRAME_OPT</argument>
 </arguments>
 </type>
 <type name="Magento\Framework\App\Config\ScopePool">
diff --git a/app/etc/di.xml b/app/etc/di.xml
index 1017afa8f3d823d31eb8becdd6b80a2a2c9e24a1..d3d67b9bb3552d055ce8a546caa3f0a35b1a0f7f 100755
--- a/app/etc/di.xml
+++ b/app/etc/di.xml
@@ -1072,4 +1072,11 @@
 <argument name="fileResolver" xsi:type="object">Magento\Framework\Config\FileResolver</argument>
 </arguments>
 </type>
+ <type name="Magento\Framework\App\Response\HeaderManager">
+ <arguments>
+ <argument name="headerProviderList" xsi:type="array">
+ <item name="x-frame-options" xsi:type="object">Magento\Framework\App\Response\Header\XFrameOptions</item>
+ </argument>
+ </arguments>
+ </type>
 </config>
diff --git a/lib/internal/Magento/Framework/App/Response/Header/AbstractHeader.php b/lib/internal/Magento/Framework/App/Response/Header/AbstractHeader.php
new file mode 100644
index 0000000000000000000000000000000000000000..d723d0f575b43f97e9c5f7a43ca2d18d67bd779b
--- /dev/null
+++ b/lib/internal/Magento/Framework/App/Response/Header/AbstractHeader.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Framework\App\Response\Header;
+
+use Magento\Framework\App\Response\HeaderProviderInterface;
+
+/**
+ * Class to be used for setting headers with static values
+ */
+abstract class AbstractHeader implements HeaderProviderInterface
+{
+ /** @var string */
+ protected $name = '';
+
+ /** @var string */
+ protected $value = '';
+
+ /**
+ * Whether the header should be attached to the response
+ *
+ * @return bool
+ */
+ public function canApply()
+ {
+ return true;
+ }
+
+ /**
+ * Header name
+ *
+ * @return string
+ */
+ public function getName()
+ {
+ return $this->name;
+ }
+
+ /**
+ * Header value
+ *
+ * @return string
+ */
+ public function getValue()
+ {
+ return $this->value;
+ }
+}
diff --git a/lib/internal/Magento/Framework/App/Response/XFrameOptPlugin.php b/lib/internal/Magento/Framework/App/Response/Header/XFrameOptions.php
similarity index 50%
rename from lib/internal/Magento/Framework/App/Response/XFrameOptPlugin.php
rename to lib/internal/Magento/Framework/App/Response/Header/XFrameOptions.php
index a108b754893e0ecc1eed081e0e0fe47dcb0f4790..fcfe662e4746b27d93f1887aa46fa9360bacaba7 100644
--- a/lib/internal/Magento/Framework/App/Response/XFrameOptPlugin.php
+++ b/lib/internal/Magento/Framework/App/Response/Header/XFrameOptions.php
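Review bot: `AbstractHeader` defaults both `$name` and `$value` to `''` while `canApply()` returns true unconditionally, so a subclass that forgets to set `$name` is still picked up by `HeaderManager` and passed to `setHeader()` with an empty name. Consider `return $this->name !== '';` in `canApply()`, or state in the class docblock that subclasses must override both properties. Nothing in this commit extends the class: `XFrameOptions` implements `HeaderProviderInterface` directly and repeats `canApply()`, so either derive it from `AbstractHeader` or say in the docblock which providers are expected to use it.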
@@ -1,15 +1,17 @@ <?php -/*** +/** * Copyright © 2015 Magento. All rights reserved. * See COPYING.txt for license details. */ +namespace Magento\Framework\App\Response\Header; -namespace Magento\Framework\App\Response; +use Magento\Framework\App\Response\HeaderProviderInterface; +use Magento\Framework\App\Response\Http; /** * Adds an X-FRAME-OPTIONS header to HTTP responses to safeguard against click-jacking. */ -class XFrameOptPlugin +class XFrameOptions implements HeaderProviderInterface { /** Deployment config key for frontend x-frame-options header value */ const DEPLOYMENT_CONFIG_X_FRAME_OPT = 'x-frame-options'; @@ -18,7 +20,8 @@ class XFrameOptPlugin const BACKEND_X_FRAME_OPT = 'SAMEORIGIN'; /** - *The header value + * The header value + * * @var string */ private $xFrameOpt; @@ -32,12 +35,32 @@ class XFrameOptPlugin } /** - * @param \Magento\Framework\App\Response\Http $subject - * @return void - * @codeCoverageIgnore + * Whether the header should be attached to the response + * + * @return bool + */ + public function canApply() + { + return true; + } + + /** + * Header name + * + * @return string + */ + public function getName() + { + return Http::HEADER_X_FRAME_OPT; + } + + /** + * Header value + * + * @return string */ - public function beforeSendResponse(\Magento\Framework\App\Response\Http $subject) + public function getValue() { - $subject->setXFrameOptions($this->xFrameOpt); + return $this->xFrameOpt; } } diff --git a/lib/internal/Magento/Framework/App/Response/HeaderManager.php b/lib/internal/Magento/Framework/App/Response/HeaderManager.php new file mode 100644 index 0000000000000000000000000000000000000000..3d2f57028ed80239f8393a4d1ae04c7cece5c0d8 --- /dev/null +++ b/lib/internal/Magento/Framework/App/Response/HeaderManager.php 
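Review bot: In the last hunk of `XFrameOptions.php` the value no longer goes through `Http::setXFrameOptions()`; `getValue()` returns `$this->xFrameOpt` exactly as configured and `HeaderManager` hands it to `setHeader()` unchanged. `setXFrameOptions()` is not shown in this diff, so if it validates or normalises the value, that step is silently dropped for a value that comes from deployment config, and a typo there would produce a header browsers ignore. Either keep the check in the provider (validate in the constructor and fall back to `self::BACKEND_X_FRAME_OPT`) or state in the `getValue()` docblock that the value is emitted verbatim. The constructor lies between the hunks and is not visible here.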
@@ -0,0 +1,47 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\App\Response;
+
+use Magento\Framework\App\Response\HeaderProviderInterface;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Phrase;
+
+class HeaderManager
+{
+ /**
+ * @var HeaderProviderInterface[]
+ */
+ private $headerProviders;
+
+ /**
+ * @param HeaderProviderInterface[]
+ * @throws LocalizedException In case one of the header providers is invalid
+ */
+ public function __construct($headerProviderList)
+ {
+ foreach ($headerProviderList as $header)
+ {
+ if (!($header instanceof HeaderProviderInterface)) {
+ throw new LocalizedException(new Phrase('Invalid header provider'));
+ }
+ }
+ $this->headerProviders = $headerProviderList;
+ }
+
+ /**
+ * @param \Magento\Framework\App\Response\Http $subject
+ * @return void
+ * @codeCoverageIgnore
+ */
+ public function beforeSendResponse(\Magento\Framework\App\Response\Http $subject)
+ {
+ foreach ($this->headerProviders as $provider) {
+ if ($provider->canApply()) {
+ $subject->setHeader($provider->getName(), $provider->getValue());
+ }
+ }
+ }
+}
diff --git a/lib/internal/Magento/Framework/App/Response/HeaderProviderInterface.php b/lib/internal/Magento/Framework/App/Response/HeaderProviderInterface.php
new file mode 100644
index 0000000000000000000000000000000000000000..9dbdcc00638c0fceb1a45019bc20050d75276bf9
--- /dev/null
+++ b/lib/internal/Magento/Framework/App/Response/HeaderProviderInterface.php
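Review bot: `HeaderManager::beforeSendResponse()` keeps the `@codeCoverageIgnore` tag carried over from the old one-line plugin, but it now holds the loop and the `canApply()` branch that decide whether these headers are sent at all, so the tag should go and the method should get a unit test. In the constructor the `@param` line is missing the variable name (`@param HeaderProviderInterface[] $headerProviderList`), the parameter could be hinted as `array $headerProviderList` so a non-array is rejected before the `foreach`, and the opening brace of that `foreach` belongs on the same line. The class has no docblock; one sentence saying it is the interceptor on `Response\Http` that attaches every applicable provider's header would help.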
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\App\Response;
+
+interface HeaderProviderInterface
+{
+ /**
+ * Whether the header should be attached to the response
+ *
+ * @return bool
+ */
+ public function canApply();
+
+ /**
+ * Header name
+ *
+ * @return string
+ */
+ public function getName();
+
+ /**
+ * Header value
+ *
+ * @return string
+ */
+ public function getValue();
+}
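Review bot: `HeaderProviderInterface` is a new extension point with no interface-level docblock, and the method docblocks do not say what an implementation may return. I would add a description along the lines of `Supplies one HTTP response header; HeaderManager reads getName()/getValue() only when canApply() returns true`. The `getValue()` docblock should also state that the string is sent as-is, so implementations must return a complete, trusted header value rather than unvalidated input.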