garrensmith commented on a change in pull request #582: Add X-Frame-Options URL: https://github.com/apache/couchdb/pull/582#discussion_r123175032
########## File path: rel/overlay/etc/default.ini ########## @@ -187,6 +188,14 @@ credentials = false ; List of accepted methods ; methods = +[x_frame_options] +; Settings same-origin will return X-Frame-Options: SAMEORIGIN. +; If same origin is set, it will ignore the hosts setting +; same_origin = true +; Settings hosts will return X-Frame-Options: ALLOW-FROM https://example.com/ +; List of hosts separated by a comma. * means accept all +; hosts = Review comment: I think its the same as for cors or anything else. The typo's will give incorrect results and mean that they might have a situation where a page can be or cannot be embedded ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
