openstack/puppet-horizon
Code Issues Proposed changes
398b6bdabf
puppet-horizon/releasenotes/notes/disallow_iframe_embed-f0ffa1cabeca5b1e.yaml
Luke Hinds 218c35ea7b Manage disallow_iframe_embed with puppet manifest 
DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
Scripting (XFS) vulnerability, so this option allows extra security hardening
where iframes are not used in deployment

Change-Id: I5c540e552efe738bdec8598f9257fa22ae651a76
Related-Bug: #1641882
2016-12-10 08:52:46 +00:00

6 lines
187 B
YAML
Raw Blame History

---
features:
- Making DISALLOW_IFRAME_EMBED in local_settings.py a configurable value
DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
within an iframe
View Git Blame Copy Permalink