[jira] [Updated] (SOLR-7966) Solr Admin pages should set X-Frame-Options to DENY

Yonik Seeley (JIRA) Tue, 25 Aug 2015 15:08:01 -0700

     [ 
https://issues.apache.org/jira/browse/SOLR-7966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Yonik Seeley updated SOLR-7966:
-------------------------------
    Attachment: SOLR-7966.patch

Ah, I found a test which apparently does create the full webapp.
Here's the patch with passing test.

> Solr Admin pages should set X-Frame-Options to DENY
> ---------------------------------------------------
>
>                 Key: SOLR-7966
>                 URL: https://issues.apache.org/jira/browse/SOLR-7966
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Yonik Seeley
>            Priority: Trivial
>         Attachments: SOLR-7966.patch, SOLR-7966.patch
>
>
> Security scan software reported that Solr's admin interface is vulnerable to 
> clickjacking, which is fixable with the X-Frame-Options HTTP header.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (SOLR-7966) Solr Admin pages should set X-Frame-Options to DENY

Reply via email to