• Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Minor Minor
    • core

      Jenkins 1.532.2 sets X-Frame-Options to sameorigin |https://github.com/cloudbees/hudson/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6]. While this prevents attacks via frame embedding, it also prevents any desirable embedding of Jenkins in a frame.

      This should be configurable "somehow." Either via an extension point, or allowing PageDecorators to set the header property by changing the order of layout.jelly.

          [JENKINS-21881] Make X-Frame-Options configurable

            danielbeck Daniel Beck
            recampbell Ryan Campbell
            Votes:
            7 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: