Michael Brohl created OFBIZ-9891:
------------------------------------
Summary: X-Frame-Options configuration is not working
Key: OFBIZ-9891
URL: https://issues.apache.org/jira/browse/OFBIZ-9891
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: Trunk
Reporter: Michael Brohl
Assignee: Michael Brohl
The configuration attribute in the controller/site-conf.xsd is "x-frame-option" while the
Controller reads "x-frame-options".
I will change this to be "x-frame-options" in controller/site-conf.xsd also because the Header
value is "X-Frame-Options".
I also propose to introduce another configuration token "none" to be able to switch off this
header value for the view, same mechanism as for strict-transport-security.
What do you think?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
|