search

plone / plone.protect

HTTP protection utilities for the Plone CMS
https://pypi.org/project/plone.protect/
7 stars 8 forks source link

Fix for content-type header check and environment variable check. #25

Closed mauritsvanrees closed 8 years ago

mauritsvanrees commented 8 years ago

http://jenkins.plone.org/job/pull-request-5.0/447/

davisagli commented 8 years ago

We also need a way to disable the X-Frame-Options header so sites can opt in to being iframeable.

vangheem commented 8 years ago

Should we just advise to remove the X-Frame-Options header at the proxy server instead?

mauritsvanrees commented 8 years ago

We can easily do this in plone.protect:

        if X_FRAME_OPTIONS:
            self.request.response.setHeader('X-Frame-Options', X_FRAME_OPTIONS)
vangheem commented 8 years ago

sure, that's fine too. Just saying it might be easier for people to add a proxy config than change a process start script.

mauritsvanrees commented 8 years ago

Pull request updated. New Jenkins: http://jenkins.plone.org/job/pull-request-5.0/448/

mauritsvanrees commented 8 years ago

For me it is easier to change to process startup script than to add a proxy config. ;-)

mauritsvanrees commented 8 years ago

The first Jenkins job has passed, but let's wait for the new one to finish.

mauritsvanrees commented 8 years ago

Second Jenkins passes too. All green.