Closed
Bug 792123
Opened 12 years ago
Closed 9 years ago
Etherpad SecReview - X-Frame-Options Not Set
Categories
(Websites Graveyard :: etherpad.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mfuller, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-moderate, wsec-impersonation, wsec-xss, Whiteboard: [site:etherpad.mozilla.org])
The X-Frame-Options header is not set. It should be set to either SAMEORIGIN or DENY to prevent framing of the site and potential clickjacking.
Updated•11 years ago
|
Whiteboard: [site:etherpad.mozilla.org]
Updated•11 years ago
|
Assignee: nobody → rhelmer
Updated•11 years ago
|
Flags: needinfo?(rhelmer)
Comment 2•11 years ago
|
||
Did not realize on first glance that this is etherpad.m.o and not the new etherpad-lite (which is not deployed yet), sorry for the delay.
Status: NEW → ASSIGNED
Flags: needinfo?(rhelmer)
Updated•11 years ago
|
Comment 4•9 years ago
|
||
Old etherpad has been decommissioned.
Assignee: rhelmer → nobody
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Assignee | ||
Updated•8 years ago
|
Product: Websites → Websites Graveyard
Updated•7 years ago
|
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•