Merge pull request #6459 from robbieaverill/feature/nofollow-robots-in-security

Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing
This commit is contained in:
Daniel Hensby 2017-01-13 12:38:04 +00:00 committed by GitHub
commit f2470cc98d
2 changed files with 27 additions and 0 deletions

View File

@ -146,6 +146,14 @@ class Security extends Controller implements TemplateGlobalProvider {
*/ */
private static $frame_options = 'SAMEORIGIN'; private static $frame_options = 'SAMEORIGIN';
/**
* Value of the X-Robots-Tag header (for the Security section)
*
* @config
* @var string
*/
private static $robots_tag = 'noindex, nofollow';
/** /**
* Get location of word list file * Get location of word list file
* *
@ -326,6 +334,11 @@ class Security extends Controller implements TemplateGlobalProvider {
// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options // Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
$this->getResponse()->addHeader('X-Frame-Options', $this->config()->frame_options); $this->getResponse()->addHeader('X-Frame-Options', $this->config()->frame_options);
// Prevent search engines from indexing the login page
if ($this->config()->robots_tag) {
$this->getResponse()->addHeader('X-Robots-Tag', $this->config()->robots_tag);
}
} }
public function index() { public function index() {

View File

@ -574,6 +574,20 @@ class SecurityTest extends FunctionalTest {
Security::$force_database_is_ready = $old; Security::$force_database_is_ready = $old;
} }
public function testSecurityControllerSendsRobotsTagHeader() {
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$robotsHeader = $response->getHeader('X-Robots-Tag');
$this->assertNotNull($robotsHeader);
$this->assertContains('noindex', $robotsHeader);
}
public function testDoNotSendEmptyRobotsHeaderIfNotDefined() {
Config::inst()->update('Security', 'robots_tag', null);
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$robotsHeader = $response->getHeader('X-Robots-Tag');
$this->assertNull($robotsHeader);
}
/** /**
* Execute a log-in form using Director::test(). * Execute a log-in form using Director::test().
* Helper method for the tests above * Helper method for the tests above