I have attached a patch with the proposed fix to the issue.
On 11/21/2011 5:18 PM, Gabrielle Crawford wrote:
Hi all,

I am proposing to implement "frame busting" in Trinidad to prevent clickjacking attacks, the details are here:
https://issues.apache.org/jira/browse/TRINIDAD-2169

This includes a new web.xml parameter, described in the issue above. I'd like to point out that the default value I'm proposing would NOT be backward compatible, but we should default to something secure so I believe this is an exception.

Please review.

Thanks,
Gabrielle
