Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove ALLOWALL from X_FRAME_OPTIONS options

Browse Source
This commit is contained in:
Marco Romanelli
2021-03-11 14:41:23 +01:00
parent ba4c977550
commit 6e93575e16
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -836,7 +836,7 @@ You can customize the CRS (i.e. : add WordPress exclusions) by adding custom .co
## Security headers ## Security headers
`X_FRAME_OPTIONS` `X_FRAME_OPTIONS`
Values : *DENY* | *SAMEORIGIN* | *ALLOW-FROM https://www.website.net* | *ALLOWALL* Values : *DENY* | *SAMEORIGIN* | *ALLOW-FROM https://www.website.net*
Default value : *DENY* Default value : *DENY*
Context : *global*, *multisite* Context : *global*, *multisite*
Policy to be used when the site is displayed through iframe. Can be used to mitigate clickjacking attacks. Policy to be used when the site is displayed through iframe. Can be used to mitigate clickjacking attacks.