Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing

Robbie Averill 2017-01-09 16:13:39 +13:00
parent 3e32b18c6b
commit cb2dcc75f1
2 changed files with 18 additions and 0 deletions


@ -146,6 +146,14 @@ class Security extends Controller implements TemplateGlobalProvider {
*/ */
private static $frame_options = 'SAMEORIGIN'; private static $frame_options = 'SAMEORIGIN';
/**
* Value of the X-Robots-Tag header (for the Security section)
*
* @config
* @var string
*/
private static $robots_tag = 'noindex, nofollow';
/** /**
* Get location of word list file * Get location of word list file
* *
@ -326,6 +334,9 @@ class Security extends Controller implements TemplateGlobalProvider {
// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options // Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
$this->getResponse()->addHeader('X-Frame-Options', $this->config()->frame_options); $this->getResponse()->addHeader('X-Frame-Options', $this->config()->frame_options);
// Prevent search engines from indexing the login page
$this->getResponse()->addHeader('X-Robots-Tag', $this->config()->robots_tag);
} }
public function index() { public function index() {
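Review bot: The `addHeader('X-Robots-Tag', ...)` call in the second hunk runs unconditionally, so a project that sets `robots_tag` to null or an empty string to opt out would still send the header with an empty value. Wrapping the call in `if ($this->config()->robots_tag) {` would make the config value a usable off switch. The inline comment says "login page" while the docblock on `$robots_tag` says "Security section"; the header sits next to X-Frame-Options in what looks like the controller's shared init path (the enclosing method starts outside the hunk), so the comment would be more accurate as `// Prevent search engines from indexing any Security controller page`. The docblock could also state that the header only asks crawlers not to index and is not an access control.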


@ -574,6 +574,13 @@ class SecurityTest extends FunctionalTest {
Security::$force_database_is_ready = $old; Security::$force_database_is_ready = $old;
} }
public function testSecurityControllerSendsRobotsTagHeader() {
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$robotsHeader = $response->getHeader('X-Robots-Tag');
$this->assertNotNull($robotsHeader);
$this->assertContains('noindex', $robotsHeader);
}
/** /**
* Execute a log-in form using Director::test(). * Execute a log-in form using Director::test().
* Helper method for the tests above * Helper method for the tests above
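Review bot: `testSecurityControllerSendsRobotsTagHeader` asserts only that the header contains `noindex`, so a change that drops `nofollow` from the default would still pass. Adding `$this->assertContains('nofollow', $robotsHeader);` would pin the full default. The test also never overrides `robots_tag`, so nothing shows that the header follows the config value rather than a hard-coded string; a second case that sets a different value through Config and checks the response would cover that.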