Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/03/28 20:57:25 UTC

[jira] [Created] (KNOX-700) Add Clickjacking Protection to WebAppSec Provider

Larry McCay created KNOX-700:
--------------------------------

             Summary: Add Clickjacking Protection to WebAppSec Provider
                 Key: KNOX-700
                 URL: https://issues.apache.org/jira/browse/KNOX-700
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
            Reporter: Larry McCay
            Assignee: Larry McCay
             Fix For: 0.9.0


By adding the X-Frame-Options=DENY header to responses, proxied and hosted applications can control whether they can be embedded within another application through Frame, IFrame or Object HTML elements. 

Leveraging this to set them all to DENY adds protection against clickjacking for all proxied and hosted applications within the configured topology.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)