Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-2006

X-Frame-Options header is not included in the HTTP response for static resources

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Admin Console
    • Labels:
      None

      Description

      OF-997 introduced the X-Frame-Options header to protect against 'ClickJacking' attacks. These headers should also be set on responses to requests for static content, such as: http://localhost:9090/js/tooltips/domLib.js

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              guus Guus der Kinderen
              Reporter:
              guus Guus der Kinderen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: