diff options
author | Marcin Czech <maczech@gmail.com> | 2020-06-15 17:36:18 +0200 |
---|---|---|
committer | Marcin Czech <maczech@gmail.com> | 2020-06-17 11:18:52 +0200 |
commit | 559ea2b49f348d009287bef8f26f6f5e29971c4a (patch) | |
tree | 7b3db796db160c541552ea37108298ad08ea907c /tools/maven/gerrit-extension-api_pom.xml | |
parent | 56918394544b6207a626cb0938d0bba4927a9fa4 (diff) |
Set X-Frame-Options header to avoid clickjacking
Add HTTP filter which is applied to all HTTP responses.
Based on gerrit.canLoadInIFrame and gerrit.xframeOption
properties filter adds the X-Frame-Options HTTP
response header. The X-Frame-Options HTTP response header
can be used to indicate whether or not a browser should
be allowed to render a page in a <frame>, <iframe>,
<embed> or <object>. Gerrit can use this to avoid
click-jacking attacks, by ensuring that the content is
not embedded into other sites.
Bug: Issue 12926
Change-Id: If3f6a770332ade9924b3d1a20c092637c9380e0c
Diffstat (limited to 'tools/maven/gerrit-extension-api_pom.xml')
0 files changed, 0 insertions, 0 deletions