  1. appNG Authentication
  2. AUTH-32

Add "content-security-policy" Header for login

    Details

    • Type: Feature
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.13.2
    • Labels:
      None

      Description

      By setting the header content-security-policy: frame-ancestors 'none', the login form can't be embedded within an iframe, which prevents phishing attacks.

      See
      https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
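
A way to verify the header described above on a login response, as an added example that is not part of the original issue or the appNG code base. The function names and the sample header lists are constructed for illustration.

```python
# Added example: decide whether response headers enforce a policy that
# forbids all framing (frame-ancestors 'none'). Not appNG code.

def parse_csp(value):
    """Parse one CSP policy string into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive. A repeated directive is
        # ignored by browsers, so the first occurrence wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def framing_blocked(headers):
    """Return True if an enforced policy forbids embedding entirely.

    `headers` is a list of (name, value) tuples as received. Only the
    enforcing Content-Security-Policy header counts; the
    Content-Security-Policy-Report-Only variant never blocks embedding.
    """
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        # One header value may carry several comma-separated policies;
        # all of them are enforced, so one blocking policy is enough.
        for policy_text in value.split(","):
            sources = parse_csp(policy_text).get("frame-ancestors")
            if sources is None:
                continue
            # An empty source list matches nothing, same as 'none'.
            if [s.lower() for s in sources] in ([], ["'none'"]):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample: the header this issue asks for.
    login_response = [("Content-Security-Policy", "frame-ancestors 'none'")]
    print("login form framing blocked:", framing_blocked(login_response))
```
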

            People

            • Assignee:
              mueller.matthias Matthias Müller
              Reporter:
              mueller.matthias Matthias Müller