[
https://issues.apache.org/jira/browse/KNOX-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16480677#comment-16480677
]
Phil Zampino commented on KNOX-1323:
------------------------------------
Updated the 1.1.0 User Guide to include the new X-Content-Type-Options support,
and to correct the X-Frame-Options config description.
> Reconcile WebAppSecurity provider X-Frame-Options and X-Content-Type-Options
> param names
> ----------------------------------------------------------------------------------------
>
> Key: KNOX-1323
> URL: https://issues.apache.org/jira/browse/KNOX-1323
> Project: Apache Knox
> Issue Type: Bug
> Components: AdminUI, Server, Site
> Affects Versions: 1.1.0
> Reporter: Phil Zampino
> Assignee: Phil Zampino
> Priority: Major
> Fix For: 1.1.0
>
>
> The X-Frame-Options params for the WebAppSec provider do not match what is
> documented.
> Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the
> appropriate resolution is to correct the docs.
> Additionally, since the Admin UI support for this was based on the docs, it
> also needs to be updated to produce the correct params.
> Further, the X-Content-Type-Options param names should be similar in form to
> the X-Frame-Options param names.
> The correct param names are:
> * xframe.options
> * xframe.options.enabled
> * xcontent-type.options
> * xcontent-type.options.enabled
> The User Guide must be updated to reflect the correct X-Frame-Options param
> names; it currently describes xframe-options.enabled and xframe-options.value
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
