
[SSO] May login screen be framed?

RESOLVED FIXED

Status

P1
normal
RESOLVED FIXED
9 years ago
2 years ago

People

(Reporter: wenzel, Assigned: wenzel)

Tracking

Details

(Whiteboard: [infrasec:access])


Description

9 years ago
From the Security review: 

"Will framing of the html login form be allowed? If not, appropriate x-frame-options header must be set."
Whiteboard: [infrasec:access]

Updated

9 years ago
Component: Webdev → SSO
Product: mozilla.org → Webtools
QA Contact: webdev → sso

Updated

8 years ago
Priority: -- → P1

Updated

8 years ago
Assignee: fwenzel → nobody

Comment 1

8 years ago
1) I imported Jsocol's commonware which just now got an x-frame-options header (bug 584831).

http://github.com/mozilla/secret-squirrel/commit/f2364b5


2) Here's a copy of a reply from my dev copy:

Status=OK - 200
Date=Tue, 24 Aug 2010 12:57:48 GMT
Server=WSGIServer/0.1 Python/2.6.4
Vary=Cookie
X-Frame-Options=DENY
Content-Type=text/html; charset=utf-8
Set-Cookie=csrftoken=82854b0b121c737b317014ec2263ba2e; httponly; Max-Age=31449600; Path=/


3) And here's a test.
http://github.com/mozilla/secret-squirrel/commit/8e261ec
Assignee: nobody → fwenzel
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Depends on: 584831
Resolution: --- → FIXED
Product: Webtools → Webtools Graveyard
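
The fix and test described in Comment 1 (a login response carrying X-Frame-Options: DENY, and a check for it), sketched as an added example that is not the commonware or secret-squirrel code. `login_app`, `FrameOptionsMiddleware`, `fetch_headers` and `framing_blocked` are hypothetical names, and the login view is a constructed stand-in.

```python
from wsgiref.util import setup_testing_defaults

ALLOWED = {"DENY", "SAMEORIGIN"}  # values that stop cross-origin framing


def login_app(environ, start_response):
    """Constructed stand-in for a login view that sets no framing header."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<form method='post'><input type='password' name='pw'></form>"]


class FrameOptionsMiddleware:
    """Hypothetical WSGI middleware: add X-Frame-Options when the app did not."""

    def __init__(self, app, value="DENY"):
        if value not in ALLOWED:
            raise ValueError("unsupported X-Frame-Options value: %r" % (value,))
        self.app, self.value = app, value

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            if not any(name.lower() == "x-frame-options" for name, _ in headers):
                headers = list(headers) + [("X-Frame-Options", self.value)]
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)


def fetch_headers(app, path="/login"):
    """Call a WSGI app in-process; return (status, headers keyed by lowercase name)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status
        seen["headers"] = {name.lower(): value for name, value in headers}
        return lambda data: None  # WSGI write() callable, unused here

    for _chunk in app(environ, start_response):
        pass  # drain the body so the app finishes its response
    return seen["status"], seen["headers"]


def framing_blocked(app, path="/login"):
    """True when the response carries X-Frame-Options: DENY or SAMEORIGIN."""
    _status, headers = fetch_headers(app, path)
    return headers.get("x-frame-options", "").strip().upper() in ALLOWED
```

Running `framing_blocked` against the bare view and the wrapped one gives a regression check that fails if the header is ever dropped from the login response.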