From aafbb55572b0918a2ae1d0000e8a7871279a0931 Mon Sep 17 00:00:00 2001
From: psychobunny <psycho.bunny@hotmail.com>
Date: Mon, 2 Jun 2014 16:52:16 -0400
Subject: [PATCH] closes #1616

---
 src/middleware/index.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/middleware/index.js b/src/middleware/index.js
index c4ddc379c0..376436bf34 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -214,8 +214,13 @@ module.exports = function(app, data) {
 
 		app.use(function (req, res, next) {
 			res.locals.csrf_token = req.session._csrf;
-			res.setHeader('X-Frame-Options', 'SAMEORIGIN');
 			res.setHeader('X-Powered-By', 'NodeBB');
+
+			res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+			if (meta.config['allow-from-uri']) {
+				res.setHeader('ALLOW-FROM', meta.config['allow-from-uri']);
+			}
+
 			next();
 		});