#15 Add X-Frame-Options / frame-ancestors support
Closed: Fixed None Opened 6 years ago by simo.

This helps prevent clickjacking attacks by embedding the login/administration pages into iframes.


Fields changed

milestone: => 1.0 m3
owner: simo => npmccallum
status: new => assigned

Fields changed

owner: npmccallum =>

Fields changed

status: assigned => new

We should set these headers on the Endpoint class, so it gets set by default for any new page, and then have a decorator to disable it for specific pages (Persona and SAML Logout for now).

patch_available: => 0
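The default-on header with a per-page opt-out proposed in the comment above, sketched as an added example; it is not the patch referenced in this ticket or the project's own code. Only the `Endpoint` name comes from the ticket: `allow_iframe`, `dispatch`, `Login`, `SamlLogout` and the header values are assumptions made for illustration.

```python
# Added example: framework-free sketch of "secure by default, opt out per page".
# Legacy header plus its CSP successor; values are assumed, not from the ticket.
FRAME_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}
ALLOWED_METHODS = ("GET", "POST")


def allow_iframe(handler):
    """Hypothetical opt-out decorator for a handler that must stay frameable."""
    handler.allow_iframe = True
    return handler


class Endpoint:
    """Base class: every page inherits the anti-framing headers."""

    def dispatch(self, method="GET"):
        # Start from the protected state so error responses are covered too.
        headers = {"Content-Type": "text/html", **FRAME_HEADERS}
        handler = getattr(self, method, None) if method in ALLOWED_METHODS else None
        if handler is None:
            return 405, headers, ""
        # Headers are dropped only on an explicit, per-handler opt-out.
        if getattr(handler, "allow_iframe", False):
            for name in FRAME_HEADERS:
                headers.pop(name)
        return 200, headers, handler()


class Login(Endpoint):
    def GET(self):
        return "<form>login</form>"


class SamlLogout(Endpoint):
    @allow_iframe
    def GET(self):  # opted out: this page is expected to load in a frame
        return "<p>logged out</p>"

    def POST(self):  # not decorated, so it keeps the default headers
        return "<p>logout processed</p>"
```

Because the opt-out is attached to a single handler rather than to the class, a new method added to an exempted page is protected until someone decorates it explicitly.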

Fields changed

milestone: 1.0 m3 => 1.0

Fields changed

milestone: 1.0 m4 => 1.0

Fields changed

design_link: =>
owner: => rcritten
status: new => accepted

Patch in my fedorapeople xframe_headers branch.

patch_available: 0 => 1

master: 44f663a

resolution: => fixed
status: accepted => closed

Fields changed

rhbz: => 0

Metadata Update from @nkinder:
- Issue assigned to rcritten
- Issue set to the milestone: 1.0

4 years ago
