View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015724 | mantisbt | security | public | 2013-04-07 11:01 | 2013-04-17 17:42 |
Reporter | rombert | Assigned To | atrol | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | duplicate | ||
Summary | 0015724: Allow administrators to customize X-Frame-Options header | ||||
Description | Bug 0011824 has introduced X-Frame-Options clickjacking protection. The value of the mentioned header is unconditionally set to 'Deny'. In some cases users would like to tweak the value of this header, see for instance http://stackoverflow.com/questions/15813325/squash-tm-bugtracker-in-frame/15815825 . We should allow for the value of the X-Frame-Options to be configurable. | ||||
Tags | No tags attached. | ||||