cassproject / CASS

Competency and Skills System
http://cassproject.org
Apache License 2.0
51 stars, 26 forks

adding x-frame-options header option #282

Closed vbhayden closed 1 year ago

vbhayden commented 1 year ago

Adding an optional INCLUDE_SAMEORIGIN_IFRAME_HEADER environment variable that will disable iframe embedding when not used within the same origin.

Security Impact: Enabling this setting will prevent cross-domain iframe embedding of the system, a requirement for the SD Elements portion of CaSS' Platform One deployment.

Presumptive Impact: As this uses the same optional header approach as previous updates, this should have no impact for users who do not enable the header. When enabled, browsers will prevent the CaSS application from being embedded within an iframe on cross-domain pages.
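Added example, not part of the pull request or the CaSS code base: an Express-style middleware that emits `X-Frame-Options: SAMEORIGIN` only when `INCLUDE_SAMEORIGIN_IFRAME_HEADER` is enabled, plus a checker that classifies a response's framing policy so a deployment can verify the setting took effect. Treating the string `"true"` as "enabled" and the function names are assumptions.

```javascript
// Added example. Assumption: the option is on when the variable equals "true".
function frameHeaderMiddleware(env) {
  const enabled =
    String(env.INCLUDE_SAMEORIGIN_IFRAME_HEADER || "").toLowerCase() === "true";
  return function (req, res, next) {
    // Opt-in: when the variable is unset, responses are left untouched.
    if (enabled) res.setHeader("X-Frame-Options", "SAMEORIGIN");
    next();
  };
}

// Classify what a set of response headers allows for iframe embedding:
// "deny", "sameorigin", "custom" (explicit allow-list) or "unrestricted".
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    if (sources.length === 0) return "deny"; // empty source list matches nothing
    if (sources.length === 1 && sources[0] === "'none'") return "deny";
    if (sources.length === 1 && sources[0] === "'self'") return "sameorigin";
    return "custom";
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "deny";
  if (xfo === "SAMEORIGIN") return "sameorigin";
  // Missing or unrecognised values (e.g. the obsolete ALLOW-FROM) give no protection.
  return "unrestricted";
}

// Run the middleware against a minimal mock response and return what it set.
function simulateResponse(env) {
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k] = v; } };
  let nextCalled = false;
  frameHeaderMiddleware(env)({}, res, () => { nextCalled = true; });
  return { headers, nextCalled };
}

// Constructed sample environments, one with the option on and one without it.
for (const env of [{ INCLUDE_SAMEORIGIN_IFRAME_HEADER: "true" }, {}]) {
  console.log(JSON.stringify(env), "->", framingPolicy(simulateResponse(env).headers));
}
```
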

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication