mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #6459 from robbieaverill/feature/nofollow-robots-in-security
Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing
commit
f2470cc98d
@ -146,6 +146,14 @@ class Security extends Controller implements TemplateGlobalProvider {
|
|||||||
*/
|
*/
|
||||||
private static $frame_options = 'SAMEORIGIN';
|
private static $frame_options = 'SAMEORIGIN';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Value of the X-Robots-Tag header (for the Security section)
|
||||||
|
*
|
||||||
|
* @config
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
private static $robots_tag = 'noindex, nofollow';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get location of word list file
|
* Get location of word list file
|
||||||
*
|
*
|
||||||
@ -326,6 +334,11 @@ class Security extends Controller implements TemplateGlobalProvider {
|
|||||||
|
|
||||||
// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
|
// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
|
||||||
$this->getResponse()->addHeader('X-Frame-Options', $this->config()->frame_options);
|
$this->getResponse()->addHeader('X-Frame-Options', $this->config()->frame_options);
|
||||||
|
|
||||||
|
// Prevent search engines from indexing the login page
|
||||||
|
if ($this->config()->robots_tag) {
|
||||||
|
$this->getResponse()->addHeader('X-Robots-Tag', $this->config()->robots_tag);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function index() {
|
public function index() {
|
||||||
|
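Review bot: The comment `// Prevent search engines from indexing the login page` in the second hunk understates the scope and overstates the effect. The header is added beside the X-Frame-Options call, so it appears to apply to every response this controller method handles, and the `$robots_tag` docblock itself says "for the Security section". X-Robots-Tag is only a request to compliant crawlers, and a crawler that is kept away by robots.txt never fetches the response to read it, so it should not be described as prevention or relied on to keep these URLs out of indexes. I would reword the comment to `// Ask compliant crawlers not to index or follow pages in the Security section (advisory only)` and extend the `$robots_tag` docblock with `* Set to a falsy value (e.g. null) to omit the header.`, since the `if ($this->config()->robots_tag)` guard is the only place that behaviour is visible. The enclosing method starts outside the hunk.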
@ -574,6 +574,20 @@ class SecurityTest extends FunctionalTest {
|
|||||||
Security::$force_database_is_ready = $old;
|
Security::$force_database_is_ready = $old;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSecurityControllerSendsRobotsTagHeader() {
|
||||||
|
$response = $this->get(Config::inst()->get('Security', 'login_url'));
|
||||||
|
$robotsHeader = $response->getHeader('X-Robots-Tag');
|
||||||
|
$this->assertNotNull($robotsHeader);
|
||||||
|
$this->assertContains('noindex', $robotsHeader);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDoNotSendEmptyRobotsHeaderIfNotDefined() {
|
||||||
|
Config::inst()->update('Security', 'robots_tag', null);
|
||||||
|
$response = $this->get(Config::inst()->get('Security', 'login_url'));
|
||||||
|
$robotsHeader = $response->getHeader('X-Robots-Tag');
|
||||||
|
$this->assertNull($robotsHeader);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Execute a log-in form using Director::test().
|
* Execute a log-in form using Director::test().
|
||||||
* Helper method for the tests above
|
* Helper method for the tests above
|
||||||
|
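Review bot: `testSecurityControllerSendsRobotsTagHeader` only asserts `noindex`, so a regression that drops `nofollow` from the default `'noindex, nofollow'` would still pass; add `$this->assertContains('nofollow', $robotsHeader);` or compare against `Config::inst()->get('Security', 'robots_tag')`. Nothing covers a site-specific override either, so a test that sets `robots_tag` to a custom value and asserts the header equals it would pin the config contract. `testDoNotSendEmptyRobotsHeaderIfNotDefined` exercises only `null`, while the guard in the controller is a truthiness check, so an empty string is also expected to suppress the header and is worth one more assertion.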