Closed
Bug 568768
Opened 14 years ago
Closed 14 years ago
[SSO] May login screen be framed?
Categories
(Webtools Graveyard :: SSO (Legacy), defect, P1)
Webtools Graveyard
SSO (Legacy)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wenzel, Assigned: wenzel)
References
Details
(Whiteboard: [infrasec:access])
From the Security review: "Will framing of the html login form be allowed? If not, appropriate x-frame-options header must be set."
Updated•14 years ago
|
Whiteboard: [infrasec:access]
Assignee | ||
Updated•14 years ago
|
Component: Webdev → SSO
Product: mozilla.org → Webtools
Updated•14 years ago
|
QA Contact: webdev → sso
Assignee | ||
Updated•14 years ago
|
Priority: -- → P1
Assignee | ||
Updated•14 years ago
|
Assignee: fwenzel → nobody
Assignee | ||
Comment 1•14 years ago
|
||
1) I imported Jsocol's commonware which just now got an x-frame-options header (bug 584831). http://github.com/mozilla/secret-squirrel/commit/f2364b5 2) Here's a copy of a reply from my dev copy: Status=OK - 200 Date=Tue, 24 Aug 2010 12:57:48 GMT Server=WSGIServer/0.1 Python/2.6.4 Vary=Cookie X-Frame-Options=DENY Content-Type=text/html; charset=utf-8 Set-Cookie=csrftoken=82854b0b121c737b317014ec2263ba2e; httponly; Max-Age=31449600; Path=/ 3) And here's a test. http://github.com/mozilla/secret-squirrel/commit/8e261ec
Assignee: nobody → fwenzel
Status: NEW → RESOLVED
Closed: 14 years ago
Depends on: 584831
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Webtools → Webtools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•