New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X-Frame-Options is deprecated #408
Comments
I know it's an example, but...
|
Ran the vendors directory through CS checker. Main changes are bracket placements and converting tabs to spaces. Contains few signature changes: * Tag handlers use camel casing, 'render' prefix. * set_language and set_owner in Textpack_Parser. See issue textpattern#408 git-svn-id: http://textpattern.googlecode.com/svn/development/4.x@5757 2fea6a4d-a838-0410-917b-93a53c48e9d2
No idea what the correct solution is here. @vanmelick: care to propose one? |
Bumping - @vanmelick @rwetzlmayr @bloatware do you know of a solution for this? |
Sorry, I don't understand the issue itself, the original issue link points to something seemingly unrelated. |
Browser support for CSP: http://caniuse.com/#feat=contentsecuritypolicy |
The replacement for:
...is:
...and is pretty well supported now. You'd at best need to keep both around for now. |
We already ship it with |
Ah yes, fine. I'm happy to close this issue then. Nginx has it's own config that replaces (and ignores) |
Done. |
From jukka.m.svahn on December 09, 2013 13:17:12
X-Frame-Options is being deprecated in Firefox in favor of Content Security Policy. http://www.w3.org/TR/CSP Which is standard candidate. We should migrate to it and leave the old X-Frame-Options as fallback for older browsers. E.g.
header('Content-Security-Policy', "default-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'");
Original issue: http://code.google.com/p/textpattern/issues/detail?id=404
The text was updated successfully, but these errors were encountered: