Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Framebuster / frame breaker #1679

Closed
robocoder opened this Issue · 5 comments

2 participants

Anthon Pang Matthieu Aubry
Anthon Pang
Collaborator

To mitigate clickjacking, prevent the login form from being framed by another website.

Anthon Pang
Collaborator

(In [3267]) fixes #1679 - clickjacking countermeasures

There are two aspects of this patch:

  • header.tpl - framebuster code
  • Controller.php - set the "X-Frame-Options: deny" header in the HTTP response
Anthon Pang
Collaborator

(In [3287]) refs #1679

Anthon Pang
Collaborator

(In [3386]) refs #1679 - config option to enable/disable Login framebuster

Matthieu Aubry
Owner

Added FAQ: How do I enable users to login into Piwik inside an iframe?

let me know if any feedback

Anthon Pang
Collaborator

(In [4451]) fixes #2312, refs #1679 - done

Anthon Pang robocoder added this to the Piwik 1.1 milestone
Anthon Pang robocoder self-assigned this
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.