Launchpad itself

Launchpad lacks clickjacking protection

Bug #911637 reported by David on 2012-01-04

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	Critical	William Grant

Bug Description

Launchpad according to wgrant lacks clickjacking protection.
IMHO Launchpad should use the X-Frame-Options header as part of a clickjacking defence where this is possible.

Aaron Bentley (abentley) on 2012-01-04

summary:	- Add clickjacking protection(X-Frame-Options) to launchpad + Launchpad lacks clickjacking protection
Changed in launchpad:
status:	New → Triaged
importance:	Undecided → Critical

Revision history for this message

David (d--) wrote on 2012-04-12:

/me Nudge.

Revision history for this message

William Grant (wgrant) wrote on 2012-04-12:

Thanks for the poke -- I actually added X-Frame-Options: SAMEORIGIN a couple of months back but forgot that this report existed.

Changed in launchpad:
assignee:	nobody → William Grant (wgrant)
status:	Triaged → Fix Released
visibility:	private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.