Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21881

Make X-Frame-Options configurable

    XMLWordPrintable

Details

    Description

      Jenkins 1.532.2 sets X-Frame-Options to sameorigin |https://github.com/cloudbees/hudson/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6]. While this prevents attacks via frame embedding, it also prevents any desirable embedding of Jenkins in a frame.

      This should be configurable "somehow." Either via an extension point, or allowing PageDecorators to set the header property by changing the order of layout.jelly.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-21842 Need a way to permit Jenkins to be visible in selected iframes

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-22168 Jenkins does not work inside HTML frame's anymore

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-22430 XFrame Filter Plugin forgets settings upon Jenkins restart

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link PR 1391

          Activity

            Ascending order - Click to sort in descending order
            recampbell Ryan Campbell created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Labels lts-candidate api lts-candidate security
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-21842 [ JENKINS-21842 ]
            jglick Jesse Glick made changes -
            Link This issue is blocking SECURITY-80 [ SECURITY-80 ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            danielbeck Daniel Beck made changes -
            Link This issue is duplicated by JENKINS-22168 [ JENKINS-22168 ]
            abubadabu Timm Drevensek made changes -
            Link This issue is related to JENKINS-22430 [ JENKINS-22430 ]
            danielbeck Daniel Beck made changes -
            Assignee Daniel Beck [ danielbeck ]
            danielbeck Daniel Beck made changes -
            Remote Link This issue links to "PR 1391 (Web Link)" [ 11502 ]
            scm_issue_link SCM/JIRA link daemon made changes -
            Resolution Fixed [ 1 ]
            Status In Progress [ 3 ] Resolved [ 5 ]
            danielbeck Daniel Beck made changes -
            Labels api lts-candidate security api security
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 153882 ] JNJira + In-Review [ 194737 ]

            People

              danielbeck Daniel Beck
              recampbell Ryan Campbell
              Votes:
              7 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: