Jenkins 1.532.2 sets X-Frame-Options to sameorigin (https://github.com/cloudbees/hudson/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6). While this prevents attacks via frame embedding, it also prevents any desirable embedding of Jenkins in a frame.
This should be configurable "somehow." Either via an extension point, or allowing PageDecorators to set the header property by changing the order of layout.jelly.
- is duplicated by
  - JENKINS-21842 Need a way to permit Jenkins to be visible in selected iframes (Resolved)
  - JENKINS-22168 Jenkins does not work inside HTML frame's anymore (Resolved)
- is related to
  - JENKINS-22430 XFrame Filter Plugin forgets settings upon Jenkins restart (Resolved)
- links to
[JENKINS-21881] Make X-Frame-Options configurable
Labels | Original: lts-candidate | New: api lts-candidate security |
Link | New: This issue is duplicated by |
Link | New: This issue is blocking SECURITY-80 [ SECURITY-80 ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Link | New: This issue is duplicated by |
Link | New: This issue is related to |
Assignee | New: Daniel Beck [ danielbeck ] |
Remote Link | New: This issue links to "PR 1391 (Web Link)" [ 11502 ] |
Resolution | New: Fixed [ 1 ] |
Status | Original: In Progress [ 3 ] | New: Resolved [ 5 ] |
Labels | Original: api lts-candidate security | New: api security |