Project

General

Profile

Actions

Bug #54201

closed

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Implement Clickjacking Protection

Added by Helmut Hummel over 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Could have
Assignee:
-
Category:
-
Target version:
Start date:
2013-12-04
Due date:
% Done:

100%

Estimated time:
12.00 h
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

  • Send X-Frame-Options headers ( X-Frame-Options: SAMEORIGIN) in the backend by default
    • Find an appropriate place where to send these headers
    • Add TYPO3_CONF_VARS configuration to disable it
  • Provide possibility to disable this protection if not needed/ wanted.
  • Coordinate with SecurityGuide writers to mention Webserver configuration for FE (no PHP implementation for frontend requests)

JS snippet to reveal body tag only when iframe included in correct parent url is not needed, as browsers supported by TYPO3 6.2 (Chrome, Safari, FF, IE >7) have support for X-Frame-Options

Actions

Also available in: Atom PDF