Framebuster / frame breaker #1679

Enhancement 1.1
@robocoder opened this Issue on September 7th 2010 Contributor

To mitigate clickjacking, prevent the login form from being framed by another website.

@robocoder commented on October 27th 2010 Contributor

(In [3267]) fixes #1679 - clickjacking countermeasures

There are two aspects of this patch:

  • header.tpl - framebuster code
  • Controller.php - set the "X-Frame-Options: deny" header in the HTTP response
@robocoder commented on November 3rd 2010 Contributor

(In [3287]) refs #1679

@robocoder commented on November 29th 2010 Contributor

(In [3386]) refs #1679 - config option to enable/disable Login framebuster

@mattab commented on December 23rd 2010 Member

Added FAQ: How do I enable users to login into Piwik inside an iframe?

let me know if any feedback

@robocoder commented on April 14th 2011 Contributor

(In [4451]) fixes #2312, refs #1679 - done

This Issue was closed on July 19th 2012
Home | Back
Powered by GitHub Issue Mirror
Privacy Policy