View Revisions: Issue #15724

Summary 0015724: Allow administrators to customize X-Frame-Options header
Revision 2013-04-07 11:19 by atrol
Description

Bug 0011824 has introduced X-Frame-Options clickjacking protection. The value of the mentioned header is unconditionally set to 'Deny'. In some cases users would like to tweak the value of this header, see for instance http://stackoverflow.com/questions/15813325/squash-tm-bugtracker-in-frame/15815825 .

We should allow for the value of the X-Frame-Options to be configurable.

Revision 2013-04-07 11:01 by rombert
Description

Bug 0011824 has introduced X-Frame-Options clickjacking protection. The value of the mentioned header is unconditionally set to 'Deny'. In some cases users would like to tweak the value of this header, see for instance http://stackoverflow.com/questions/15813325/squash-tm-bugtracker-in-frame/15815825 .

We should allow for the value of the X-Frame-Options to be configurable.