[KNOX-700] Add Clickjacking Protection to WebAppSec Provider - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.9.0
Component/s: Server
Labels:
None

Description

By adding the X-Frame-Options=DENY header to responses, proxied and hosted applications can control whether they can be embedded within another application through Frame, IFrame or Object HTML elements.

Leveraging this to set them all to DENY adds protection against clickjacking for all proxied and hosted applications within the configured topology.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-700-002.patch
29/Mar/16 02:29
18 kB
Larry McCay
KNOX-700-001.patch
28/Mar/16 19:00
16 kB
Larry McCay

Activity

People

Assignee:: Larry McCay

Reporter:: Larry McCay

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Mar/16 18:57

Updated:: 28/Mar/19 14:15

Resolved:: 29/Mar/16 03:04