New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

issue: Prevent Click Jacking #4266

Merged
merged 1 commit into from May 15, 2018

Conversation

Projects
None yet
2 participants
@JediKev
Member

JediKev commented May 3, 2018

This addresses a vulnerability where there was no X-Frame-Options header
which could potentially allow click jacking. This adds the
X-Frame-Options: SAMEORIGIN header so it will remove any chance of click
jacking. According to Mozilla Developer Docs:

SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page
itself.
issue: Prevent Click Jacking
This addresses a vulnerability where there was no `X-Frame-Options` header
which could potentially allow click jacking. This adds the
`X-Frame-Options: SAMEORIGIN` header so it will remove any chance of click
jacking. According to Mozilla Developer Docs:
```
SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page
itself.
```

@protich protich merged commit c11840f into osTicket:develop May 15, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment