Issue #4631: Add X-Frame-Options, frame-ancestors to UI webpages - freeipa

freeipa

#4631 Add X-Frame-Options, frame-ancestors to UI webpages

Closed: Fixed None Opened 9 years ago by simo.

These options allow preventing clickjacking attacks and are very simple to set, so it seem a worth low hanging fruit to strenghten the security of the UI.

mkosek commented 8 years ago

During processing of remaining tickets in 4.2 Backlog, this ticket was found as suitable to be fixed in the nearest bugfixing branch - which is 4.2.x.

pvoborni commented 8 years ago

FreeIPA 4.2.1 was released, moving to 4.2.x.

pvoborni commented 8 years ago

master:

6eb174c Add X-Frame-Options and frame-ancestors options

ipa-4-3:

d98345b Add X-Frame-Options and frame-ancestors options

pvoborni commented 7 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1352912 (Red Hat Enterprise Linux 7)

Metadata Update from @simo:
- Issue assigned to pvomacka
- Issue set to the milestone: FreeIPA 4.3.2

7 years ago

Metadata

Assignee

pvomacka

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.3.2

None

affects_doc

None

source

None

knownissue

None

type

task

blockedby

None

test_case

None

component

Web UI

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1352912

tester

None

changelog

None

design

None

freeipa

Source Code

#4631 Add X-Frame-Options, frame-ancestors to UI webpages Closed: Fixed None Opened 9 years ago by simo.

Metadata

#4631 Add X-Frame-Options, frame-ancestors to UI webpages

Closed: Fixed None Opened 9 years ago by simo.