[OFBIZ-9891] X-Frame-Options configuration is not working - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 17.12.01
Component/s: framework
Labels:
None

Description

The configuration attribute in the controller/site-conf.xsd is "x-frame-option" while the Controller reads "x-frame-options".

I will change this to be "x-frame-options" in controller/site-conf.xsd also because the Header value is "X-Frame-Options".

I also propose to introduce another configuration token "none" to be able to switch off this header value for the view, same mechanism as for strict-transport-security.

What do you think?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OFBIZ-9891_Bug_x-frame-option.patch
25/Oct/17 09:28
2 kB
Michael Brohl

Activity

People

Assignee:: Michael Brohl

Reporter:: Michael Brohl

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Oct/17 09:08

Updated:: 25/Oct/17 12:57

Resolved:: 25/Oct/17 12:57