[jboss-jira] [JBoss JIRA] (WFLY-3450) Allow addition of HTTP headers to management console responses
James Livingston (JIRA)
issues at jboss.org
Thu Jun 5 23:40:15 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12973953#comment-12973953 ]
James Livingston commented on WFLY-3450:
----------------------------------------
Sorry, I wasn't clear - yes I meant web console to browser responses. You could for example add "X-Frame-Options: deny" to prevent the console from being places in various kinds of framing, to help prevent "clickjacking".
There are plenty more environment-specific headers that may be useful in some situtations.
> Allow addition of HTTP headers to management console responses
> --------------------------------------------------------------
>
> Key: WFLY-3450
> URL: https://issues.jboss.org/browse/WFLY-3450
> Project: WildFly
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Web Console
> Reporter: James Livingston
> Assignee: Heiko Braun
>
> It would be useful to be able to add additional HTTP headers to the responses from the web management console, such as X-Frame-Options.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
More information about the jboss-jira
mailing list