This help preventing click jacking attacks by embedding the login/administration pages into iframes.
Fields changed
milestone: => 1.0 m3 owner: simo => npmccallum status: new => assigned
owner: npmccallum =>
status: assigned => new
We should set these headers on the Endpoint class, so it gets set by default for any new page, and then have a decorator to disable it for specific pages (Persona and SAML Logout for now)
patch_available: => 0
milestone: 1.0 m3 => 1.0
milestone: 1.0 m4 => 1.0
design_link: => owner: => rcritten status: new => accepted
Patch in my fedorapeople xframe_headers branch.
patch_available: 0 => 1
master: 44f663a
resolution: => fixed status: accepted => closed
rhbz: => 0
Metadata Update from @nkinder: - Issue assigned to rcritten - Issue set to the milestone: 1.0
Login to comment on this ticket.