ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Brohl (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9891) X-Frame-Options configuration is not working
Date Wed, 25 Oct 2017 09:09:00 GMT
Michael Brohl created OFBIZ-9891:
------------------------------------

             Summary: X-Frame-Options configuration is not working
                 Key: OFBIZ-9891
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9891
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: Trunk
            Reporter: Michael Brohl
            Assignee: Michael Brohl


The configuration attribute in the controller/site-conf.xsd is "x-frame-option" while the
Controller reads "x-frame-options".

I will change this to be  "x-frame-options" in controller/site-conf.xsd also because the Header
value is "X-Frame-Options".

I also propose to introduce another configuration token "none" to be able to switch off this
header value for the view, same mechanism as for strict-transport-security.

What do you think?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message