public static function setXFrameOptions($origin = null)
{
if (self::$xframe_loaded) {
return;
}
if ($origin !== null) {
$url = parse_url($origin);
header(sprintf('X-Frame-Options: %s', is_array($url) ? "ALLOW-FROM " . (isset($url['scheme']) ? $url['scheme'] . ':' : '') . '//' . $url['host'] : 'SAMEORIGIN'));
} else {
header('X-Frame-Options: SAMEORIGIN');
// FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
}
self::$xframe_loaded = true;
}
