MAGETWO-16192: Security: Clickjacking solution - introduce X-Frame-Options
- use plugin to send xFrameOptions header when response is sent
- get inject header value into plugin via DI argument injection
- setup a config field in env.php to contain non-backend header values
Showing
- .htaccess (1 addition, 8 deletions)
- app/code/Magento/Backend/etc/adminhtml/di.xml (5 additions, 0 deletions)
- app/code/Magento/Store/etc/di.xml (4 additions, 0 deletions)
- app/etc/di.xml (5 additions, 0 deletions)
- lib/internal/Magento/Framework/App/Response/Http.php (20 additions, 0 deletions)
- lib/internal/Magento/Framework/App/Response/XFrameOptPlugin.php (43 additions, 0 deletions)
- lib/internal/Magento/Framework/Config/ConfigOptionsListConstants.php (2 additions, 1 deletion)
- setup/src/Magento/Setup/Model/ConfigGenerator.php (14 additions, 0 deletions)
- setup/src/Magento/Setup/Model/ConfigOptionsList.php (1 addition, 0 deletions)
- setup/src/Magento/Setup/Test/Unit/Model/ConfigGeneratorTest.php (41 additions, 0 deletions)