Manage disallow_iframe_embed
disallow_iframe_embed can be used to prevent Horizon from being embedded within an iframe. Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) vulnerability, so this option allows extra security hardening where iframes are not used in deployment Change-Id: I2fe6b243250608b340ee555062060dbdad1a49c4 Depends-On: I5c540e552efe738bdec8598f9257fa22ae651a76 Closes-Bug: #1641882
This commit is contained in:
Luke Hinds
parent
1e11997e76
commit
0146b6be0d
|
|
@ -60,6 +60,7 @@ outputs:
|
|||
- 443
|
||||
horizon::disable_password_reveal: true
|
||||
horizon::enforce_password_check: true
|
||||
horizon::disallow_iframe_embed: true
|
||||
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
|
||||
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
|
||||
horizon::vhost_extra_params:
|
||||
|
|
|
|||
Loading…
Reference in New Issue