-
Type: Feature
-
Status: Done
-
Priority: Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 1.13.2
-
Labels:None
By setting the Header content-security-policy: frame-ancestors 'none', the login form can't be embedded within an iframe, which prevents phishing attacks.
See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors