iframe: Allow Multiple iFrame Domains #4781

Merged

@JediKev (Member) commented Mar 7, 2019

Previously, we added a security header to prevent click-jacking called "X-Frame-Options". This introduced an issue with people using osTicket in iFrames on their websites. To mitigate the issue, this updates the security header to allow the site to be framed from specified domains, if none provided we default to 'self'. This adds a new field to General System Settings called "Allow iFrames" where you may enter a comma separated list of domains that the site can be framed on. This also adds a validator for the field to validate the domains and ensure they fit the syntax from Mozilla Developer Docs.

@JediKev JediKev force-pushed the JediKev:iframe/allow-multiple-iframe-domains branch 2 times, most recently from 9df8c7a to ebad15b Mar 11, 2019

iframe: Allow Multiple iFrame Domains
Previously, we added a security header to prevent click-jacking called
"X-Frame-Options". This introduced an issue with people using osTicket in
iFrames on their websites. To mitigate the issue, this updates the security
header to allow the site to be framed from specified domains, if none
provided we default to 'self'. This adds a new field to General System
Settings called "Allow iFrames" where you may enter a comma separated list
of domains that the site can be framed on. This also adds a validator for
the field to validate the domains and ensure they fit the <host-source>
syntax from [Mozilla Developer
Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors#Sources).
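
An added example, not code from this pull request or from osTicket: one way to validate a comma-separated "Allow iFrames" value against the `<host-source>` grammar and build the header, assuming the header is `Content-Security-Policy: frame-ancestors`. The function names, the fail-closed fallback to `'self'` and the sample values are assumptions made here.

```php
<?php
// Hypothetical helpers for illustration; not osTicket's implementation.

// CSP <host-source>: [scheme "://"] host [":" port] [path]
// host may be "*" or begin with "*."; port may be digits or "*".
// The path class deliberately excludes ';' ',' whitespace and quotes,
// which would otherwise split the policy or the header.
const HOST_SOURCE_RE = '#\A(?:[a-z][a-z0-9+.\-]*://)?'
    . '(?:\*|(?:\*\.)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)*)'
    . '(?::(?:[0-9]+|\*))?'
    . '(?:/[a-z0-9\-._~!$&()*+=:@%/]*)?\z#i';

// Split the admin-supplied setting and sort entries into valid / rejected.
function parse_frame_ancestors(string $setting): array {
    $valid = $rejected = [];
    foreach (explode(',', $setting) as $entry) {
        $entry = trim($entry);
        if ($entry === '')
            continue;
        if (preg_match(HOST_SOURCE_RE, $entry) === 1)
            $valid[] = $entry;
        else
            $rejected[] = $entry;
    }
    return [$valid, $rejected];
}

// Build the header line. An empty list defaults to 'self'; this example
// also falls back to 'self' if any entry fails validation (fail closed).
function frame_ancestors_header(string $setting): string {
    [$valid, $rejected] = parse_frame_ancestors($setting);
    $sources = ($rejected || !$valid) ? ["'self'"] : $valid;
    return 'Content-Security-Policy: frame-ancestors ' . implode(' ', $sources);
}

// Constructed sample settings.
$samples = [
    '',                                        // nothing configured
    'https://example.com, *.example.org:443',  // two valid host-sources
    'example.com; script-src *',               // stray ';' would add a directive
    "https://example.com\r\nX-Injected: 1",    // CR/LF would split the header
];
foreach ($samples as $s)
    echo json_encode($s), ' => ', frame_ancestors_header($s), "\n";
```

Only the second sample yields a header listing the supplied sources; the other three produce `frame-ancestors 'self'`.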

@JediKev JediKev force-pushed the JediKev:iframe/allow-multiple-iframe-domains branch from ebad15b to 4f7c4dc Mar 11, 2019

@protich protich merged commit e44ab40 into osTicket:develop Mar 27, 2019

@JediKev JediKev referenced this pull request Mar 29, 2019

Merged

issue: iFrame On Install #4824
