[ 
https://issues.apache.org/jira/browse/KNOX-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1323:
-------------------------------
    Description: 
The X-Frame-Options params for the WebAppSec provider do not match what is 
documented.

Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the 
appropriate resolution is to correct the docs.

Additionally, since the Admin UI support for this was based on the docs, it 
also needs to be updated to produce the correct params.

Further, the X-Content-Type-Options param names should be similar in form to 
the X-Frame-Options param names.

The correct param names are:
 * xframe.options
 * xframe.options.enabled
 * xcontent-type.options
 * xcontent-type.options.enabled

The User Guide must be updated to reflect the correct X-Frame-Options param 
names; it currently describes xframe-options.enabled and xframe-options.value

 

  was:
The X-Frame-Options params for the WebAppSec provider do not match what is 
documented.

Since the implementation is being used, the appropriate resolution is to 
correct the docs.

Additionally, since the Admin UI support for this was based on the docs, it 
also needs to be updated to produce the correct params.

Further, the X-Content-Type-Options param names should be similar in form to 
the X-Frame-Options param names.

The correct param names are:
 * xframe.options
 * xframe.options.enabled
 * xcontent-type.options
 * xcontent-type.options.enabled

The User Guide must be updated to reflect the correct X-Frame-Options param 
names; it currently describes xframe-options.enabled and xframe-options.value

 


> Reconcile WebAppSecurity provider X-Frame-Options and X-Content-Type-Options 
> param names
> ----------------------------------------------------------------------------------------
>
>                 Key: KNOX-1323
>                 URL: https://issues.apache.org/jira/browse/KNOX-1323
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: AdminUI, Server, Site
>    Affects Versions: 1.1.0
>            Reporter: Phil Zampino
>            Assignee: Phil Zampino
>            Priority: Major
>             Fix For: 1.1.0
>
>
> The X-Frame-Options params for the WebAppSec provider do not match what is 
> documented.
> Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the 
> appropriate resolution is to correct the docs.
> Additionally, since the Admin UI support for this was based on the docs, it 
> also needs to be updated to produce the correct params.
> Further, the X-Content-Type-Options param names should be similar in form to 
> the X-Frame-Options param names.
> The correct param names are:
>  * xframe.options
>  * xframe.options.enabled
>  * xcontent-type.options
>  * xcontent-type.options.enabled
> The User Guide must be updated to reflect the correct X-Frame-Options param 
> names; it currently describes xframe-options.enabled and xframe-options.value
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to