Disallow iframes via X-Frame-Options and CSP by default
author Rob Crittenden <rcritten@redhat.com>
Thu, 23 Apr 2015 20:42:27 +0000 (16:42 -0400)
committer Patrick Uiterwijk <puiterwijk@redhat.com>
Fri, 24 Apr 2015 17:10:34 +0000 (19:10 +0200)
commit 44f663ac7dc5a6f28b25b083a21f6d9e912cff92
tree 1975cf213d09bd9f1988e191366636fe4d39fee8
parent b6d5f11ffe484e2ba7de14c7bac31c52461fe791
Disallow iframes via X-Frame-Options and CSP by default

A decorator, allow_iframe, is also created so that specific
pages can remove the deny values and allow operating within
a frame.

The Persona plugin relies on iframes and uses this decorator
for all endpoints.

https://fedorahosted.org/ipsilon/ticket/15

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
ipsilon/providers/persona/auth.py
ipsilon/util/endpoint.py
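
The deny-by-default headers with a per-page opt-out that the commit message describes, as an added example that is not Ipsilon's code. Apart from the name `allow_iframe`, every name and header value here (`secure_response`, the two handlers, `frame-ancestors 'none'`) is an assumption, since the page does not show the implementation.

```python
from functools import wraps

# Assumed defaults; the commit page does not show the values Ipsilon sends.
DEFAULT_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}


def secure_response(body, extra_headers=None):
    """Hypothetical helper: every response starts from the deny defaults."""
    headers = dict(DEFAULT_HEADERS)
    headers.update(extra_headers or {})
    return body, headers


def strip_frame_directives(csp):
    """Remove only frame-ancestors, keeping the rest of the policy intact."""
    kept = []
    for directive in csp.split(";"):
        directive = directive.strip()
        if directive and directive.split()[0].lower() != "frame-ancestors":
            kept.append(directive)
    return "; ".join(kept)


def allow_iframe(handler):
    """Opt a single handler out of the framing restrictions."""
    @wraps(handler)
    def wrapper(*args, **kwargs):
        body, headers = handler(*args, **kwargs)
        headers = dict(headers)
        headers.pop("X-Frame-Options", None)
        csp = strip_frame_directives(headers.pop("Content-Security-Policy", ""))
        if csp:  # do not emit an empty CSP header
            headers["Content-Security-Policy"] = csp
        return body, headers
    return wrapper


def login_page():  # constructed handler: keeps the defaults
    return secure_response("<form>login</form>")


@allow_iframe
def framed_page():  # constructed handler: may be embedded in a frame
    return secure_response("<p>framed content</p>")
```

Only the decorated handler loses the framing restrictions, and the rest of its Content-Security-Policy is preserved rather than dropped with the header.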