0015724: Allow administrators to customize X-Frame-Options header - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0015724	mantisbt	security	public	2013-04-07 11:01	2013-04-17 17:42

Reporter	rombert	Assigned To	atrol
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	duplicate

Summary	0015724: Allow administrators to customize X-Frame-Options header
Description	Bug 0011824 has introduced X-Frame-Options clickjacking protection. The value of the mentioned header is unconditionally set to 'Deny'. In some cases users would like to tweak the value of this header, see for instance http://stackoverflow.com/questions/15813325/squash-tm-bugtracker-in-frame/15815825 . We should allow for the value of the X-Frame-Options to be configurable.
Tags	No tags attached.

duplicate of	0012165	acknowledged		Allow mantis to be loaded in an iframe
related to	0011824	closed	dhx	Implement X-Frame-Options clickjacking protection

atrol 2013-04-07 11:19 developer ~0036533	rombert, maybe you want to retarget 0012165 to 1.2.x