Closed Bug 1622822 Opened 5 years ago Closed 5 years ago

HTTPS Only Mode - Investigate effects with respect to X-Frame-Options and frame-ancestors

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: julianwels, Assigned: julianwels)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Julian Gaibler

Assignee

Description

•

5 years ago

Investigate the effects of HTTPS Only Mode with respect to X-Frame-Options and frame-ancestors.

Maybe write tests for this, if necessary.

Christoph Kerschbaumer [:ckerschb]

Updated

•

5 years ago

Priority: -- → P2

Whiteboard: [domsecurity-active]

Christoph Kerschbaumer [:ckerschb]

Comment 1

•

5 years ago

Turns out x-frame-options and CSP frame-ancestors is not affected by HTTPS only, hence marking as INVALID.

Status: ASSIGNED → RESOLVED

Closed: 5 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

HTTPS Only Mode - Investigate effects with respect to X-Frame-Options and frame-ancestors

Categories

(Core :: DOM: Security, enhancement, P2)

Tracking

()

People

(Reporter: julianwels, Assigned: julianwels)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1