  1. Apache NiFi
  2. NIFI-5366

Implement Content Security Policy frame-ancestors directive

    Details

      Description

      The X-Frame-Options headers [1] currently in place to prevent malicious framing / clickjacking [2] are superseded by and should be replaced by the Content Security Policy frame-ancestors [3] directive.

      [1] https://tools.ietf.org/html/rfc7034
      [2] https://en.wikipedia.org/wiki/Clickjacking
      [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
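
An added example, not part of the ticket and not NiFi code: a header audit that reports which mechanism governs framing for a response and, where only X-Frame-Options is present, the equivalent frame-ancestors directive. The function names, status strings and sample header values are assumptions made for illustration.

```python
# Added example (not NiFi code): classify the framing protection of one HTTP response.
XFO_TO_CSP = {"DENY": "frame-ancestors 'none'", "SAMEORIGIN": "frame-ancestors 'self'"}

def frame_ancestors(policy):
    """Return the source list of the first frame-ancestors directive, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]  # first occurrence wins; duplicates are ignored
    return None

def audit_framing(headers):
    """headers: list of (name, value) pairs, duplicates allowed. Returns (status, detail)."""
    enforced, report_only, xfo = [], [], []
    for name, value in headers:
        key = name.lower()
        if key in ("content-security-policy", "content-security-policy-report-only"):
            bucket = enforced if key == "content-security-policy" else report_only
            for policy in value.split(","):  # one value may carry several policies
                sources = frame_ancestors(policy)
                if sources is not None:
                    # an empty source list matches nothing, same as 'none'
                    bucket.append("frame-ancestors " + (" ".join(sources) or "'none'"))
        elif key == "x-frame-options":
            xfo.append(value.strip())
    if enforced:
        # an enforced frame-ancestors makes browsers ignore X-Frame-Options;
        # with several policies, every one of them must allow the ancestor
        return ("csp", " AND ".join(enforced))
    if xfo:
        value = xfo[0]
        if value.upper() in XFO_TO_CSP:
            return ("xfo-only", XFO_TO_CSP[value.upper()])
        if value.upper().startswith("ALLOW-FROM"):
            # ALLOW-FROM is not honoured by current browsers, so this response
            # is effectively unprotected until the CSP directive is sent
            return ("xfo-obsolete", "frame-ancestors " + value[len("ALLOW-FROM"):].strip())
        return ("xfo-invalid", value)
    if report_only:
        return ("report-only", " AND ".join(report_only))  # reported, not enforced
    return ("missing", "")

if __name__ == "__main__":
    # constructed sample response headers
    sample = [("X-Frame-Options", "SAMEORIGIN"), ("Content-Type", "text/html")]
    print(audit_framing(sample))
```

For the `xfo-only` and `xfo-obsolete` statuses, the detail string is the directive to send in `Content-Security-Policy` as the replacement.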

              People

              • Assignee:
                thenatog Nathan Gough
                Reporter:
                alopresto Andy LoPresto