Bug #54201

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Implement Clickjacking Protection

Added by Helmut Hummel over 7 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Could have
Assignee:
-
Category:
-
Target version:
Start date:
2013-12-04
Due date:
% Done:

100%

Estimated time:
12.00 h
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

  • Send X-Frame-Options headers ( X-Frame-Options: SAMEORIGIN) in the backend by default
    • Find an appropriate place where to send these headers
    • Add TYPO3_CONF_VARS configuration to disable it
  • Provide possibility to disable this protection if not needed/ wanted.
  • Coordinate with SecurityGuide writers to mention Webserver configuration for FE (no PHP implementation for frontend requests)

JS snippet to reveal body tag only when iframe included in correct parent url is not needed, as browsers supported by TYPO3 6.2 (Chrome, Safari, FF, IE >7) have support for X-Frame-Options

#1

Updated by Helmut Hummel over 7 years ago

  • Project changed from 1716 to TYPO3 Core
#2

Updated by Helmut Hummel over 7 years ago

  • Target version set to 6.2.0
  • Is Regression set to No
#3

Updated by Helmut Hummel over 7 years ago

  • Status changed from New to Accepted
  • Priority changed from Should have to Could have
#4

Updated by Ingo Schmitt over 7 years ago

  • Parent task set to #55066
#5

Updated by Helmut Hummel over 7 years ago

  • Estimated time set to 12.00 h

Helmut Hummel wrote:

X-Frame-Options headers

JS snippet to reveal body tag only when iframe included in correct parent url (find reference implementation)

#6

Updated by Helmut Hummel over 7 years ago

  • Complexity set to easy
#7

Updated by Gerrit Code Review about 7 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28601

#8

Updated by Gerrit Code Review about 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28601

#9

Updated by Helmut Hummel about 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#10

Updated by Riccardo De Contardi over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF