Add X-Frame-Options header to HTML responses
Bug #863904 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Libravatar (obsolete) | Fix Released | Low | François Marier |
Bug Description
To prevent ClickJacking, we should set the X-Frame-Options to Deny for everything that returns HTML:
https:/
https:/
We'll need to make sure we don't set it on the dynamic resizer / resolver though.
Changed in libravatar:
status: Fix Committed → Fix Released
Changed in libravatar:
status: Confirmed → Fix Committed
Changed in libravatar:
status: Fix Committed → Fix Released
It's now enabled on /account and /openid
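
One way to set the header only on responses that return HTML, leaving other content types untouched, sketched as a generic WSGI middleware. This is an added example, not Libravatar's code; the class name, the helper and the sample apps are hypothetical, and the image app is a constructed stand-in for a non-HTML endpoint.

```python
# Added example (assumption: the application is served through WSGI).
HTML_TYPES = ("text/html", "application/xhtml+xml")


class FrameOptionsMiddleware:
    """Add X-Frame-Options to HTML responses that do not already set it."""

    def __init__(self, app, value="DENY"):
        self.app = app
        self.value = value

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            seen = {name.lower(): val for name, val in headers}
            # Compare only the media type, ignoring "; charset=..." parameters.
            ctype = seen.get("content-type", "").split(";")[0].strip().lower()
            if ctype in HTML_TYPES and "x-frame-options" not in seen:
                headers = list(headers) + [("X-Frame-Options", self.value)]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def html_app(environ, start_response):
    # Constructed sample: an endpoint that returns an HTML page.
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><body>account</body></html>"]


def image_app(environ, start_response):
    # Constructed sample: an endpoint that returns image bytes.
    start_response("200 OK", [("Content-Type", "image/png")])
    return [b"\x89PNG"]


def response_headers(app, path="/"):
    """Call a WSGI app once and return its response headers (lower-cased)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({name.lower(): val for name, val in headers})

    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured


if __name__ == "__main__":
    for name, app in (("html", html_app), ("image", image_app)):
        print(name, response_headers(FrameOptionsMiddleware(app)))
```

Running the same `response_headers` check against each route of a deployed app is a quick regression test that the header stays on HTML pages and off everything else.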