Framebuster / frame breaker #1679

Closed
robocoder opened this Issue Sep 7, 2010 · 5 comments

@robocoder

To mitigate clickjacking, prevent the login form from being framed by another website.

@robocoder

(In [3267]) fixes #1679 - clickjacking countermeasures

There are two aspects of this patch:

  • header.tpl - framebuster code
  • Controller.php - set the "X-Frame-Options: deny" header in the HTTP response

@robocoder

(In [3287]) refs #1679

@robocoder

(In [3386]) refs #1679 - config option to enable/disable Login framebuster

@mattab
Piwik Open Source Analytics member

Added FAQ: How do I enable users to login into Piwik inside an iframe?

Let me know if you have any feedback.

@robocoder

(In [4451]) fixes #2312, refs #1679 - done

@robocoder robocoder added this to the Piwik 1.1 milestone Jul 8, 2014
@robocoder robocoder self-assigned this Jul 8, 2014
This issue was closed.
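
Added example (not part of the original thread and not Piwik's code): a small Node.js check that audits a login response for the two countermeasures described above, the "X-Frame-Options" header and an in-page framebuster script. The function names, the regex heuristic for spotting a framebuster, and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not Piwik code: audit a login response for the
// X-Frame-Options header and an in-page framebuster script.

// Heuristic (assumption): a framebuster compares `top` with `self`.
const TOP = '(?:window\\.)?top(?:\\.location)?';
const SELF = '(?:window\\.)?self(?:\\.location)?';
const FRAMEBUSTER_RE = new RegExp(
  `\\b(?:${TOP}\\s*!==?\\s*${SELF}|${SELF}\\s*!==?\\s*${TOP})\\b`);

function auditLoginResponse(headers, body) {
  // HTTP header names are case-insensitive, so normalise before comparing.
  let xfo = null;
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'x-frame-options') {
      xfo = String(value).trim().toLowerCase();
    }
  }
  let header;
  if (xfo === null) header = 'missing';
  else if (xfo === 'deny') header = 'deny';
  else if (xfo === 'sameorigin') header = 'sameorigin';
  else header = 'invalid'; // e.g. a typo; counted as no protection here

  const framebuster = FRAMEBUSTER_RE.test(body);
  const headerOk = header === 'deny' || header === 'sameorigin';
  // The header is enforced by the browser; the script is only a fallback.
  const verdict = headerOk ? 'header' : framebuster ? 'script-only' : 'unprotected';
  return { header, framebuster, verdict };
}

// Constructed sample responses (not captured from a real Piwik install).
const BUSTER = '<script>if (top !== self) { top.location = self.location; }</script>';
const SAMPLES = {
  both: [{ 'X-Frame-Options': 'deny' }, `<html><head>${BUSTER}</head></html>`],
  scriptOnly: [{ 'Content-Type': 'text/html' }, `<html><head>${BUSTER}</head></html>`],
  typo: [{ 'x-frame-options': 'denied' }, '<html><form id="login"></form></html>'],
  neither: [{}, '<html><form id="login"></form></html>'],
};

function auditAll() {
  const out = {};
  for (const [name, [headers, body]] of Object.entries(SAMPLES)) {
    out[name] = auditLoginResponse(headers, body);
  }
  return out;
}
console.log(auditAll());
```

The `typo` sample shows why checking only for the header's presence is not enough: a misspelled value is reported as `invalid` and the page as `unprotected`.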