Skip to content


Framebuster / frame breaker #1679

robocoder opened this Issue · 5 comments

2 participants


To mitigate clickjacking, prevent the login form from being framed by another website.


(In [3267]) fixes #1679 - clickjacking countermeasures

There are two aspects of this patch:

  • header.tpl - framebuster code
  • Controller.php - set the "X-Frame-Options: deny" header in the HTTP response

(In [3287]) refs #1679


(In [3386]) refs #1679 - config option to enable/disable Login framebuster

Piwik Open Source Analytics member

Added FAQ: How do I enable users to login into Piwik inside an iframe?

let me know if any feedback


(In [4451]) fixes #2312, refs #1679 - done

@robocoder robocoder added this to the Piwik 1.1 milestone
@robocoder robocoder self-assigned this
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.