Closed Bug 770239 Opened 7 years ago Closed 7 years ago
Re-enable X-Frame-Options in b2g
We disabled X-Frame-Options in b2g in bug 707893, because it ran afoul of <iframe mozbrowser>. We need to make it mozbrowser-aware and re-enable it.
We should treat this as a security bug because lack of XFO support will make users vulnerable to clickjacking attacks on popular web services. Torn on whether to rate this moderate (only some sites affected) or high (damage could include account compromise on those sites).
blocking-kilimanjaro: --- → ?
Assignee: nobody → justin.lebar+bug
Comment on attachment 639992: Patch, v1
r=me
Attachment #639992 - Flags: review?(bzbarsky) → review+
Comment on attachment 639993: Tests, v1
r=me, but I hope you understand that I'm at best skimming these test patches.... Please let me know if you think I should be reviewing them more carefully.
Attachment #639993 - Flags: review?(bzbarsky) → review+
> Please let me know if you think I should be reviewing them more carefully.
I will, thanks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED