Closed
Bug 568768
Opened 15 years ago
Closed 15 years ago
[SSO] May login screen be framed?
Categories
(Webtools Graveyard :: SSO (Legacy), defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wenzel, Assigned: wenzel)
Details
(Whiteboard: [infrasec:access])
From the Security review:
"Will framing of the html login form be allowed? If not, appropriate x-frame-options header must be set."
Updated•15 years ago
Whiteboard: [infrasec:access]
Updated•15 years ago
Component: Webdev → SSO
Product: mozilla.org → Webtools
Updated•15 years ago
QA Contact: webdev → sso
Updated•15 years ago
Priority: -- → P1
Updated•15 years ago
Assignee: fwenzel → nobody
Comment 1•15 years ago
1) I imported Jsocol's commonware which just now got an x-frame-options header (bug 584831).
http://github.com/mozilla/secret-squirrel/commit/f2364b5
2) Here's a copy of a reply from my dev copy:
Status=OK - 200
Date=Tue, 24 Aug 2010 12:57:48 GMT
Server=WSGIServer/0.1 Python/2.6.4
Vary=Cookie
X-Frame-Options=DENY
Content-Type=text/html; charset=utf-8
Set-Cookie=csrftoken=82854b0b121c737b317014ec2263ba2e; httponly; Max-Age=31449600; Path=/
3) And here's a test.
http://github.com/mozilla/secret-squirrel/commit/8e261ec
Assignee: nobody → fwenzel
Status: NEW → RESOLVED
Closed: 15 years ago
Depends on: 584831
Resolution: --- → FIXED
Updated•9 years ago
Product: Webtools → Webtools Graveyard
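An added example, not code from commonware or secret-squirrel: a minimal WSGI middleware that adds X-Frame-Options when a view has not set it, plus a header check of the kind a regression test for the login page could assert on. All function names and the stand-in login app are hypothetical.

```python
from wsgiref.util import setup_testing_defaults

# ALLOW-FROM is obsolete, so it is not counted as protection here.
VALID = {"DENY", "SAMEORIGIN"}

def frame_options_middleware(app, value="DENY"):
    """Add X-Frame-Options to every response unless the app already set one."""
    def wrapped(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            if not any(k.lower() == "x-frame-options" for k, _ in headers):
                headers = list(headers) + [("X-Frame-Options", value)]
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return wrapped

def framing_verdict(headers):
    """Classify (name, value) headers as 'deny', 'sameorigin' or 'frameable'."""
    values = [v.strip().upper() for k, v in headers if k.lower() == "x-frame-options"]
    # Missing, unknown or conflicting values give no reliable protection.
    if len(set(values)) != 1 or values[0] not in VALID:
        return "frameable"
    return values[0].lower()

def login_app(environ, start_response):
    # Constructed stand-in for the login view (hypothetical).
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<form method='post'></form>"]

def fetch_headers(app, path="/login"):
    """Call a WSGI app in-process and return the response headers it sent."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = []
    def start_response(status, headers, exc_info=None):
        captured.extend(headers)
        return lambda data: None
    b"".join(app(environ, start_response))
    return captured

if __name__ == "__main__":
    print("bare app:     ", framing_verdict(fetch_headers(login_app)))
    protected = frame_options_middleware(login_app)
    print("with wrapper: ", framing_verdict(fetch_headers(protected)))
```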