Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

更新・設定ページにクリックジャッキング対策をする #273

Closed
tdtds opened this issue Mar 26, 2013 · 1 comment
Closed

更新・設定ページにクリックジャッキング対策をする #273

tdtds opened this issue Mar 26, 2013 · 1 comment
Labels
security
Milestone
3.2.2

Comments

@tdtds
Copy link
Member

tdtds commented Mar 26, 2013

不正な日記更新や設定変更を避けるために、認証ページにはデフォルトでX-FRAME-OPTIONSをつける。

参考: http://www.ipa.go.jp/about/technicalwatch/20130326.html
tdtds added a commit that referenced this issue Mar 26, 2013
@tdtds
set X-Frame-Options to SAMEORIGIN in admin pages #273
2c457f2
tdtds added a commit that referenced this issue Mar 26, 2013
@tdtds
Merge pull request #274 from tdiary/x-frame-option_on_admin
31dde8b 
set X-Frame-Options to SAMEORIGIN in admin pages #273
@tdtds
Copy link
Member Author

tdtds commented Mar 26, 2013

とりあえずupdate.rbのレスポンスにはSAMEORIGIN決め打ちで返すことに。

@tdtds tdtds closed this as completed Mar 26, 2013
@zunda zunda mentioned this issue Mar 28, 2013
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
3.2.2
Development

No branches or pull requests
1 participant
@tdtds