[KNOX-1323] Reconcile WebAppSecurity provider X-Frame-Options and X-Content-Type-Options param names - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1.0
Fix Version/s: 1.1.0
Component/s: AdminUI, Server, Site
Labels:
None

Description

The X-Frame-Options params for the WebAppSec provider do not match what is documented.

Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the appropriate resolution is to correct the docs.

Additionally, since the Admin UI support for this was based on the docs, it also needs to be updated to produce the correct params.

Further, the X-Content-Type-Options param names should be similar in form to the X-Frame-Options param names.

The correct param names are:

xframe.options
xframe.options.enabled
xcontent-type.options
xcontent-type.options.enabled

The User Guide must be updated to reflect the correct X-Frame-Options param names; it currently describes xframe-options.enabled and xframe-options.value

Attachments

Activity

People

Assignee:: Philip Zampino

Reporter:: Philip Zampino

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/May/18 02:24

Updated:: 28/Mar/19 14:05

Resolved:: 18/May/18 13:53