So I wanted to use javadoc/scaladoc style documentation and take advantage of fossils embedded documentation -- I put the scaladoc under <repo>/docco and happily was going to http://server:port/repo/doc/trunk/docco/index.html - but there noscript was already waiting for me, saying "No, no!". I couldn't convince it otherwise, so I turned the X-Frame-Options http header over to SAMEORIGIN instead of DENY and recompiled.
Now, with wikis and such I can see how there's a danger of IFRAMEs, click jacking and what not. On the other hand, there's a valid use-case for using iframes, where x-frame-options really should be SAMEORIGIN. Couldn't there be a setting to tune, or a list of glob patterns for which to turn X-Frame-Options to SAMEORIGIN (or, the other way round, to DENY) ? (yeah yeah I know - obvious answer is stop using scaladoc or javadoc, they're bad tools anyways. But it's all I have here :)). Regards, -Martin _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
