Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1323

Reconcile WebAppSecurity provider X-Frame-Options and X-Content-Type-Options param names

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.1.0
    • Component/s: AdminUI, Server, Site
    • Labels:
      None

      Description

      The X-Frame-Options params for the WebAppSec provider do not match what is documented.

      Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the appropriate resolution is to correct the docs.

      Additionally, since the Admin UI support for this was based on the docs, it also needs to be updated to produce the correct params.

      Further, the X-Content-Type-Options param names should be similar in form to the X-Frame-Options param names.

      The correct param names are:

      • xframe.options
      • xframe.options.enabled
      • xcontent-type.options
      • xcontent-type.options.enabled

      The User Guide must be updated to reflect the correct X-Frame-Options param names; it currently describes xframe-options.enabled and xframe-options.value

       

        Attachments

          Activity

            People

            • Assignee:
              pzampino Philip Zampino
              Reporter:
              pzampino Philip Zampino
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: