Repository: wicket Updated Branches: refs/heads/master 44121fc0d -> 1271f9a6c
Use "sameorigin" as a value for "X-Frame-Options" because "deny" would break the Ajax functionality and Modal window with a page Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/1271f9a6 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/1271f9a6 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/1271f9a6 Branch: refs/heads/master Commit: 1271f9a6cb88baa7eba557281d2f8e470e2fa5dd Parents: 44121fc Author: Martin Tzvetanov Grigorov <[email protected]> Authored: Mon Aug 29 09:31:43 2016 +0200 Committer: Martin Tzvetanov Grigorov <[email protected]> Committed: Mon Aug 29 09:31:43 2016 +0200 ---------------------------------------------------------------------- wicket-user-guide/src/docs/guide/security/security_6.gdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/1271f9a6/wicket-user-guide/src/docs/guide/security/security_6.gdoc ----------------------------------------------------------------------
diff --git a/wicket-user-guide/src/docs/guide/security/security_6.gdoc b/wicket-user-guide/src/docs/guide/security/security_6.gdoc
index 392ed1c..e991351 100644
--- a/wicket-user-guide/src/docs/guide/security/security_6.gdoc
+++ b/wicket-user-guide/src/docs/guide/security/security_6.gdoc
@@ -17,7 +17,7 @@ protected void init()
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
 response.setHeader("X-Content-Type-Options", "nosniff");
- response.setHeader("X-Frame-Options", "DENY");
+ response.setHeader("X-Frame-Options", "sameorigin");
 response.setHeader("Content-Security-Policy", "default-src https:");
 }
 });
