View Issue Details

ID: 0015724
Project: mantisbt
Category: security
View Status: public
Last Update: 2013-04-17 17:42
Reporter: rombert
Assigned To: atrol
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: duplicate
Summary: 0015724: Allow administrators to customize X-Frame-Options header
Description

Bug 0011824 has introduced X-Frame-Options clickjacking protection. The value of the mentioned header is unconditionally set to 'Deny'. In some cases users would like to tweak the value of this header, see for instance http://stackoverflow.com/questions/15813325/squash-tm-bugtracker-in-frame/15815825 .

We should allow for the value of the X-Frame-Options to be configurable.

Tags: No tags attached.

Relationships

duplicate of 0012165 (acknowledged): Allow mantis to be loaded in an iframe
related to 0011824 (closed, dhx): Implement X-Frame-Options clickjacking protection
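
One way a configurable X-Frame-Options value could be validated before it reaches the response, as an added example that is not MantisBT code and not part of the original report. The function names and the administrator-supplied setting passed as `$configured` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not MantisBT's own API.
// $configured stands in for an administrator-supplied setting (assumed).

/**
 * Return a safe X-Frame-Options value. Anything missing, malformed or
 * unrecognised resolves to 'DENY', the unconditional value described above.
 */
function resolve_frame_options(?string $configured): string
{
    $value = trim((string) $configured);

    // A setting containing control characters could split the response
    // header (CR/LF injection), so it is rejected outright.
    if ($value === '' || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return 'DENY';
    }

    $upper = strtoupper($value);
    if ($upper === 'DENY' || $upper === 'SAMEORIGIN') {
        return $upper;
    }

    // ALLOW-FROM takes exactly one origin: scheme://host[:port].
    // Browsers that do not implement ALLOW-FROM ignore the header entirely.
    $pattern = '#^ALLOW-FROM\s+(https?://[A-Za-z0-9.-]+(?::\d{1,5})?)/?$#i';
    if (preg_match($pattern, $value, $m)) {
        return 'ALLOW-FROM ' . strtolower($m[1]);
    }

    return 'DENY'; // fail closed
}

function send_frame_options_header(?string $configured): void
{
    if (!headers_sent()) {
        header('X-Frame-Options: ' . resolve_frame_options($configured));
    }
}

// Constructed sample settings and the header value each one resolves to.
$samples = [null, 'sameorigin', 'ALLOW-FROM https://tm.example.org',
            "DENY\r\nX-Injected: 1", 'ALLOWALL'];
foreach ($samples as $sample) {
    printf("%-42s => %s\n", json_encode($sample, JSON_UNESCAPED_SLASHES),
           resolve_frame_options($sample));
}
```

Only the second and third samples relax the header; the null, CR/LF and unrecognised values all resolve to `DENY`.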

Activities

atrol

2013-04-07 11:19

developer   ~0036533

rombert, maybe you want to retarget 0012165 to 1.2.x

Issue History

Date Modified Username Field Change
2013-04-07 11:01 rombert New Issue
2013-04-07 11:01 rombert Relationship added related to 0011824
2013-04-07 11:19 atrol Relationship added duplicate of 0012165
2013-04-07 11:19 atrol Status confirmed => resolved
2013-04-07 11:19 atrol Resolution open => duplicate
2013-04-07 11:19 atrol Assigned To => atrol
2013-04-07 11:19 atrol Note Added: 0036533
2013-04-07 11:19 atrol Target Version 1.2.15 =>
2013-04-07 11:19 atrol Description Updated
2013-04-17 17:42 atrol Status resolved => closed