ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9891) X-Frame-Options configuration is not working
Date Wed, 25 Oct 2017 12:39:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16218524#comment-16218524
] 

Jacques Le Roux commented on OFBIZ-9891:
----------------------------------------

+1

> X-Frame-Options configuration is not working
> --------------------------------------------
>
>                 Key: OFBIZ-9891
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9891
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Michael Brohl
>            Assignee: Michael Brohl
>         Attachments: OFBIZ-9891_Bug_x-frame-option.patch
>
>
> The configuration attribute in the controller/site-conf.xsd is "x-frame-option" while
the Controller reads "x-frame-options".
> I will change this to be  "x-frame-options" in controller/site-conf.xsd also because
the Header value is "X-Frame-Options".
> I also propose to introduce another configuration token "none" to be able to switch off
this header value for the view, same mechanism as for strict-transport-security.
> What do you think?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message