remove ALLOWALL from X_FRAME_OPTIONS options

Marco Romanelli 2021-03-11 14:41:23 +01:00
parent ba4c977550
commit 6e93575e16
No known key found for this signature in database
GPG Key ID: 7F67F7BC179069BF

@ -836,7 +836,7 @@ You can customize the CRS (i.e. : add WordPress exclusions) by adding custom .co
## Security headers ## Security headers
`X_FRAME_OPTIONS` `X_FRAME_OPTIONS`
Values : *DENY* | *SAMEORIGIN* | *ALLOW-FROM https://www.website.net* | *ALLOWALL* Values : *DENY* | *SAMEORIGIN* | *ALLOW-FROM https://www.website.net*
Default value : *DENY* Default value : *DENY*
Context : *global*, *multisite* Context : *global*, *multisite*
Policy to be used when the site is displayed through iframe. Can be used to mitigate clickjacking attacks. Policy to be used when the site is displayed through iframe. Can be used to mitigate clickjacking attacks.
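
Review bot: The Values line of this hunk drops *ALLOWALL*, but nothing in the surrounding documentation tells an operator what happens if an existing deployment still sets `X_FRAME_OPTIONS` to that value. Since the description presents this setting as a clickjacking mitigation, please add a sentence after the "Policy to be used..." line stating whether *ALLOWALL* is now rejected, ignored, or replaced by the default *DENY*, so that upgrading users know they must change their configuration. If the code that reads this variable is changed in the same commit, a pointer to it in the commit message would also help, because the one-line message does not say why the value was removed.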