Please sign in to comment.
Manage disallow_iframe_embed with puppet manifest
DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded within an iframe. Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) vulnerability, so this option allows extra security hardening where iframes are not used in deployment Change-Id: I5c540e552efe738bdec8598f9257fa22ae651a76 Related-Bug: #1641882
- Loading branch information...
Showing with 30 additions and 0 deletions.
|@@ -0,0 +1,5 @@|
|- Making DISALLOW_IFRAME_EMBED in local_settings.py a configurable value|
|DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded|
|within an iframe|