[
https://issues.apache.org/jira/browse/KNOX-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Phil Zampino updated KNOX-1323:
-------------------------------
Description:
The X-Frame-Options params for the WebAppSec provider do not match what is
documented.
Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the
appropriate resolution is to correct the docs.
Additionally, since the Admin UI support for this was based on the docs, it
also needs to be updated to produce the correct params.
Further, the X-Content-Type-Options param names should be similar in form to
the X-Frame-Options param names.
The correct param names are:
* xframe.options
* xframe.options.enabled
* xcontent-type.options
* xcontent-type.options.enabled
The User Guide must be updated to reflect the correct X-Frame-Options param
names; it currently describes xframe-options.enabled and xframe-options.value
was:
The X-Frame-Options params for the WebAppSec provider do not match what is
documented.
Since the implementation is being used, the appropriate resolution is to
correct the docs.
Additionally, since the Admin UI support for this was based on the docs, it
also needs to be updated to produce the correct params.
Further, the X-Content-Type-Options param names should be similar in form to
the X-Frame-Options param names.
The correct param names are:
* xframe.options
* xframe.options.enabled
* xcontent-type.options
* xcontent-type.options.enabled
The User Guide must be updated to reflect the correct X-Frame-Options param
names; it currently describes xframe-options.enabled and xframe-options.value
> Reconcile WebAppSecurity provider X-Frame-Options and X-Content-Type-Options
> param names
> ----------------------------------------------------------------------------------------
>
> Key: KNOX-1323
> URL: https://issues.apache.org/jira/browse/KNOX-1323
> Project: Apache Knox
> Issue Type: Bug
> Components: AdminUI, Server, Site
> Affects Versions: 1.1.0
> Reporter: Phil Zampino
> Assignee: Phil Zampino
> Priority: Major
> Fix For: 1.1.0
>
>
> The X-Frame-Options params for the WebAppSec provider do not match what is
> documented.
> Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the
> appropriate resolution is to correct the docs.
> Additionally, since the Admin UI support for this was based on the docs, it
> also needs to be updated to produce the correct params.
> Further, the X-Content-Type-Options param names should be similar in form to
> the X-Frame-Options param names.
> The correct param names are:
> * xframe.options
> * xframe.options.enabled
> * xcontent-type.options
> * xcontent-type.options.enabled
> The User Guide must be updated to reflect the correct X-Frame-Options param
> names; it currently describes xframe-options.enabled and xframe-options.value
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
