[
https://issues.apache.org/jira/browse/TOBAGO-1822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16245661#comment-16245661
]
Hudson commented on TOBAGO-1822:
--------------------------------
FAILURE: Integrated in Jenkins build Tobago Trunk #1119 (See
[https://builds.apache.org/job/Tobago%20Trunk/1119/])
TOBAGO-1822: Modernize frame attack handling * step 1: replace CSS/JS (lofwyr:
rev ddd820ca0e4891a77d112aa3cd4345183e98093a)
* (edit) tobago-theme/tobago-theme-charlotteville/rebuild-theme.log
* (edit)
tobago-theme/tobago-theme-scarborough/src/main/resources/META-INF/resources/tobago/scarborough/tobago-bootstrap/_version/js/bootstrap.min.js
* (edit)
tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
* (edit)
tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/resources/tobago/speyside/tobago-bootstrap/_version/css/bootstrap.css.map
* (edit)
tobago-theme/tobago-theme-standard/src/main/resources/META-INF/resources/tobago/standard/tobago-bootstrap/_version/js/bootstrap.min.js
* (edit)
tobago-theme/tobago-theme-scarborough/src/main/resources/META-INF/resources/tobago/scarborough/tobago-bootstrap/_version/css/bootstrap.min.css
* (edit)
tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/resources/tobago/speyside/tobago-bootstrap/_version/js/bootstrap.min.js
* (edit)
tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/resources/tobago/speyside/tobago-bootstrap/_version/css/bootstrap.min.css.map
* (edit)
tobago-theme/tobago-theme-roxborough/src/main/resources/META-INF/resources/tobago/roxborough/tobago-bootstrap/_version/css/bootstrap.min.css.map
* (edit)
tobago-theme/tobago-theme-standard/src/main/resources/META-INF/resources/tobago/standard/tobago-bootstrap/_version/js/tobago.js
* (edit)
tobago-theme/tobago-theme-charlotteville/src/main/resources/META-INF/resources/tobago/charlotteville/tobago-bootstrap/_version/css/bootstrap.css.map
* (edit)
tobago-theme/tobago-theme-scarborough/src/main/resources/META-INF/resources/tobago/scarborough/tobago-bootstrap/_version/css/bootstrap.min.css.map
* (edit)
tobago-theme/tobago-theme-charlotteville/src/main/resources/META-INF/resources/tobago/charlotteville/tobago-bootstrap/_version/js/bootstrap.min.js
* (edit) tobago-theme/tobago-theme-scarborough/rebuild-theme.log
* (edit)
tobago-theme/tobago-theme-scarborough/src/main/resources/META-INF/resources/tobago/scarborough/tobago-bootstrap/_version/css/bootstrap.css.map
* (edit)
tobago-theme/tobago-theme-roxborough/src/main/resources/META-INF/resources/tobago/roxborough/tobago-bootstrap/_version/css/bootstrap.css.map
* (edit)
tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/TobagoClass.java
* (edit)
tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/resources/tobago/speyside/tobago-bootstrap/_version/css/bootstrap.min.css
* (edit) tobago-core/src/main/resources/scss/_tobago.scss
* (edit) tobago-theme/tobago-theme-speyside/rebuild-theme.log
* (edit)
tobago-theme/tobago-theme-scarborough/src/main/resources/META-INF/resources/tobago/scarborough/tobago-bootstrap/_version/css/bootstrap.css
* (edit)
tobago-theme/tobago-theme-standard/src/main/resources/META-INF/resources/tobago/standard/tobago-bootstrap/_version/css/bootstrap.min.css
* (edit)
tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java
* (edit)
tobago-theme/tobago-theme-roxborough/src/main/resources/META-INF/resources/tobago/roxborough/tobago-bootstrap/_version/css/bootstrap.css
* (edit)
tobago-theme/tobago-theme-standard/src/main/resources/META-INF/resources/tobago/standard/tobago-bootstrap/_version/css/bootstrap.css.map
* (edit)
tobago-theme/tobago-theme-standard/src/main/resources/META-INF/resources/tobago/standard/tobago-bootstrap/_version/css/bootstrap.min.css.map
* (edit)
tobago-theme/tobago-theme-charlotteville/src/main/resources/META-INF/resources/tobago/charlotteville/tobago-bootstrap/_version/css/bootstrap.css
* (edit)
tobago-theme/tobago-theme-standard/src/main/resources/META-INF/resources/tobago/standard/tobago-bootstrap/_version/css/bootstrap.css
* (edit)
tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-4.0.xsd
* (edit)
tobago-theme/tobago-theme-charlotteville/src/main/resources/META-INF/resources/tobago/charlotteville/tobago-bootstrap/_version/css/bootstrap.min.css.map
* (edit) tobago-theme/tobago-theme-roxborough/rebuild-theme.log
* (edit)
tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/resources/tobago/speyside/tobago-bootstrap/_version/css/bootstrap.css
* (edit) tobago-theme/tobago-theme-standard/rebuild-theme.log
* (edit)
tobago-core/src/main/java/org/apache/myfaces/tobago/internal/renderkit/renderer/PageRenderer.java
* (edit)
tobago-theme/tobago-theme-roxborough/src/main/resources/META-INF/resources/tobago/roxborough/tobago-bootstrap/_version/css/bootstrap.min.css
* (edit)
tobago-theme/tobago-theme-charlotteville/src/main/resources/META-INF/resources/tobago/charlotteville/tobago-bootstrap/_version/css/bootstrap.min.css
> Modernize frame attack handling
> -------------------------------
>
> Key: TOBAGO-1822
> URL: https://issues.apache.org/jira/browse/TOBAGO-1822
> Project: MyFaces Tobago
> Issue Type: Improvement
> Components: Themes
> Reporter: Udo Schnurpfeil
> Assignee: Udo Schnurpfeil
> Fix For: 4.0.0
>
>
> Currently the Tobago configuration attribute "preventFrameAttacks" is
> implemented with CSS and JavaScript. These days all supported browsers
> supports the HTTP header "X-Frame-Options". So, this header should be set.
> Nevertheless this header is deprecated by the CSP Level 2 directive
> "frame-ancestors" which has good support, but IE11.
> So we should
> # use the HTTP header "X-Frame-Options", if preventFrameAttacks is set and
> # the developer might set the CSP Level 2 directive "frame-ancestors"
> The default in Tobago should be: don't allow (with both techniques).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
