[jira] [Created] (NIFI-5366) Implement Content Security Policy frame-ancestors directive

Andy LoPresto (JIRA) Mon, 02 Jul 2018 19:33:49 -0700

Andy LoPresto created NIFI-5366:
-----------------------------------

             Summary: Implement Content Security Policy frame-ancestors 
directive
                 Key: NIFI-5366
                 URL: https://issues.apache.org/jira/browse/NIFI-5366
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework
    Affects Versions: 1.7.0
            Reporter: Andy LoPresto



The {{X-Frame-Options}} headers [1] currently in place to prevent malicious 
framing / clickjacking [2] are superseded by and should be replaced by the 
Content Security Policy frame-ancestors [3] directive. 

[1] https://tools.ietf.org/html/rfc7034
[2] https://en.wikipedia.org/wiki/Clickjacking
[3] 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (NIFI-5366) Implement Content Security Policy frame-ancestors directive

Reply via email to