[NIFI-5366] Implement Content Security Policy frame-ancestors directive - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7.0
Fix Version/s: 1.8.0
Component/s: Core Framework
Labels:
- frame
- header
- http
- security

Description

The X-Frame-Options headers [1] currently in place to prevent malicious framing / clickjacking [2] are superseded by and should be replaced by the Content Security Policy frame-ancestors [3] directive.

[1] https://tools.ietf.org/html/rfc7034
[2] https://en.wikipedia.org/wiki/Clickjacking
[3] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Attachments

Issue Links

Is contained by

NIFI-5458 Improve NiFi TLS and certificate management

Resolved

links to

GitHub Pull Request #2989

Activity

People

Assignee:: Nathan Gough

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 03/Jul/18 02:32

Updated:: 06/Sep/18 14:28

Resolved:: 06/Sep/18 00:41