Easier sending of default headers (customization)

adminer/include/adminer.inc.php

@@ -35,11 +35,10 @@ class Adminer {
 	}
 	
 	/** Headers to send before HTML output
-	* @return null
+	* @return bool true to send security headers
 	*/
 	function headers() {
-		header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
-		header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
+		return true;
 	}
 	
 	/** Print HTML code inside <head>

adminer/include/design.inc.php

@@ -9,7 +9,10 @@
 function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
 	global $LANG, $adminer, $connection, $drivers;
 	header("Content-Type: text/html; charset=utf-8");
-	$adminer->headers();
+	if ($adminer->headers()) {
+		header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
+		header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
+	}
 	$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
 	$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
 	if (is_ajax()) {

changes.txt

@@ -8,6 +8,7 @@ Autocomplete for big foreign keys (Editor)
 Display name of the referenced record in PostgreSQL (Editor)
 Customizable favicon (customization)
 Method name can return a link (customization)
+Easier sending of default headers (customization)
 
 Adminer 3.2.2 (released 2011-03-28):
 Fix AJAX history after reload

editor/include/adminer.inc.php

@@ -27,8 +27,7 @@ class Adminer {
 	}
 	
 	function headers() {
-		header("X-Frame-Options: deny");
-		header("X-XSS-Protection: 0");
+		return true;
 	}
 	
 	function head() {