IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add X-Frame-Options and frame-ancestors options

Browse Source 
These two options allow preventing clickjacking attacks. They don't allow
open FreeIPA in frame, iframe or object element.

https://fedorahosted.org/freeipa/ticket/4631

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
This commit is contained in:
Pavel Vomacka 2016-03-10 18:32:50 +01:00 committed by Petr Vobornik
parent c061172792
commit 6eb174c5e7
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
install/conf/ipa.conf
View File

@ -1,5 +1,5 @@
# #
# VERSION 19 - DO NOT REMOVE THIS LINE # VERSION 20 - DO NOT REMOVE THIS LINE
# #
# This file may be overwritten on upgrades. # This file may be overwritten on upgrades.
# #
@ -71,6 +71,8 @@ WSGIScriptReloading Off
ErrorDocument 401 /ipa/errors/unauthorized.html ErrorDocument 401 /ipa/errors/unauthorized.html
WSGIProcessGroup ipa WSGIProcessGroup ipa
WSGIApplicationGroup ipa WSGIApplicationGroup ipa
Header always append X-Frame-Options DENY
Header always append Content-Security-Policy "frame-ancestors 'none'"
</Location> </Location>
# Turn off Apache authentication for sessions # Turn off Apache authentication for sessions