Module: check_mk
Branch: master
Commit: c4187363ab28704406963ec926eb9fbe2b6dbea8
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c4187363ab2870…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Apr 17 17:08:50 2012 +0200
Login page is not shown in framesets anymore (redirects framed page to
full screen login page)
---
ChangeLog | 2 ++
web/htdocs/login.py | 5 +++++
2 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 96d897c..b52ae4e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,8 @@
* FIX: Fix problem where snapins where invisible
* FIX: Fixed multisite timeout errors when nagios not running
* Sidebar: some new layout improvements
+ * Login page is not shown in framesets anymore (redirects framed page to
+ full screen login page)
BI
* FIX: Fixed filtering of Single-Host Aggregations
diff --git a/web/htdocs/login.py b/web/htdocs/login.py
index fcbb1f4..30550c6 100644
--- a/web/htdocs/login.py
+++ b/web/htdocs/login.py
@@ -220,6 +220,11 @@ def normal_login_page():
html.set_render_headfoot(False)
html.header(_("Check_MK Multisite Login"), javascripts=[],
stylesheets=["pages", "login"])
+ # Never allow the login page to be opened in a frameset. Redirect top page to login
page
+ html.javascript('''if(top != self) {
+ window.top.location.href = location;
+}''')
+
origtarget = html.var('_origtarget', '')
if not origtarget and not html.req.myfile == 'login':
origtarget = html.makeuri([])