Closed Bug 944817 Opened 12 years ago Closed 12 years ago

Add X-Frame-Options header

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: jon, Assigned: jon)

References

(
URL
)

Details

Attachments

(1 file)

https://github.com/mozilla/login.webmaker.org/pull/217 12 years ago Jon Buckley [:jbuck] 54 bytes, text/x-github-pull-request	cade : review+	Details \| Review

Jon Buckley [:jbuck]

Assignee

Description

•

12 years ago

The login server has no frameable content, so we can set the X-Frame-Options: Deny header to prevent clickjacking attacks.

Jon Buckley [:jbuck]

Assignee

Comment 1

•

12 years ago

Attached file https://github.com/mozilla/login.webmaker.org/pull/217 — Details

Attachment #8341126 - Flags: review?(cade)

Chris DeCairos (:cade)

Updated

•

12 years ago

Attachment #8341126 - Flags: review?(cade) → review+

[github robot]

Comment 2

•

12 years ago

Commit pushed to master at https://github.com/mozilla/login.webmaker.org https://github.com/mozilla/login.webmaker.org/commit/ef426f9a6a43b85f13ac98e75876210dd7845232 Fix bug 944817 - Do not allow embedding of any login pages

[github robot]

Updated

•

12 years ago

Status: ASSIGNED → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Add X-Frame-Options header

Categories

(Webmaker Graveyard :: Login, defect)

Tracking

(Not tracked)

People

(Reporter: jon, Assigned: jon)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Updated

Attachment

General

Description

File Name

Content Type