Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9891

X-Frame-Options configuration is not working

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: Upcoming Release
    • Component/s: framework
    • Labels:
      None

      Description

      The configuration attribute in the controller/site-conf.xsd is "x-frame-option" while the Controller reads "x-frame-options".

      I will change this to be "x-frame-options" in controller/site-conf.xsd also because the Header value is "X-Frame-Options".

      I also propose to introduce another configuration token "none" to be able to switch off this header value for the view, same mechanism as for strict-transport-security.

      What do you think?

        Activity

        Hide
        mbrohl Michael Brohl added a comment -

        This is the patch for the bugfix and the additional configuration option "none".

        Show
        mbrohl Michael Brohl added a comment - This is the patch for the bugfix and the additional configuration option "none".
        Hide
        jacques.le.roux Jacques Le Roux added a comment -

        +1

        Show
        jacques.le.roux Jacques Le Roux added a comment - +1
        Hide
        mbrohl Michael Brohl added a comment -

        This fix/improvement is in trunk r1813276.

        Show
        mbrohl Michael Brohl added a comment - This fix/improvement is in trunk r1813276.

          People

          • Assignee:
            mbrohl Michael Brohl
            Reporter:
            mbrohl Michael Brohl
          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development