Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set up X-Frame-Options Header #312

Closed
sleidig opened this issue Jul 5, 2019 · 1 comment
Closed

Set up X-Frame-Options Header #312

sleidig opened this issue Jul 5, 2019 · 1 comment
Labels
Type: Security

Comments

@sleidig
Copy link
Member

sleidig commented Jul 5, 2019
edited
Loading

see #269 (comment)

X-Frame-Options are a http feature to prevent clickjacking and should probably set up for our app in its Dockerfile

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a , <iframe>, or . Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
@sleidig sleidig mentioned this issue Jul 5, 2019
Closed
@sleidig sleidig added this to the Ideas milestone Feb 18, 2020
@sleidig sleidig removed this from the Ideas milestone Sep 8, 2020
sleidig added a commit that referenced this issue Sep 22, 2021
@sleidig
fix(core): add CSP headers for security
aec6101 
closes #312, closes #950
@sleidig
Copy link
Member Author

sleidig commented Jul 19, 2023

No immediate use cases but I do see potential to embed our app somewhere (e.g. in TolaData or Nextcloud). Also, it least our public-forms are intended to be embedded on websites nowadays.

I would therefore suggest to not implement this at the moment.

@sleidig sleidig closed this as completed Jul 19, 2023
@github-project-automation github-project-automation bot moved this from Triage to Done in All Tasks & Issues Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Security
Projects
All Tasks & Issues
Archived in project
Important Fixes & Enhancements
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sleidig