[ https://issues.apache.org/jira/browse/NIFI-5366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16603727#comment-16603727 ]
ASF GitHub Bot commented on NIFI-5366:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2989

    Verified that the header is present on responses. Ran `contrib-check` and all tests pass. +1 if you re-order the dependencies.

> Implement Content Security Policy frame-ancestors directive
> -----------------------------------------------------------
>
> Key: NIFI-5366
> URL: https://issues.apache.org/jira/browse/NIFI-5366
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.7.0
> Reporter: Andy LoPresto
> Assignee: Nathan Gough
> Priority: Major
> Labels: frame, header, http, security
>
> The {{X-Frame-Options}} headers [1] currently in place to prevent malicious
> framing / clickjacking [2] are superseded by and should be replaced by the
> Content Security Policy frame-ancestors [3] directive.
> [1] https://tools.ietf.org/html/rfc7034
> [2] https://en.wikipedia.org/wiki/Clickjacking
> [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
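The issue replaces `X-Frame-Options` with the CSP `frame-ancestors` directive, and the review comment checks that the header is present on responses. As an added example (not part of the original message or of the NiFi code base), the Python below reports which header a conforming browser would enforce for framing. The function names are hypothetical, the header values are constructed samples, and a single `Content-Security-Policy` header value per response is assumed.

```python
# Added example: which header governs framing for a given response.
# Function names are hypothetical; header values are constructed samples.

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # First occurrence wins; an empty list matches no ancestor at all.
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers):
    """Summarise framing protection for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").strip().upper()

    if sources is not None:
        # With frame-ancestors present, X-Frame-Options is ignored.
        if not sources or sources == ["'none'"]:
            verdict = "deny"
        elif sources == ["'self'"]:
            verdict = "sameorigin"
        elif "*" in sources:
            verdict = "wildcard"
        else:
            verdict = "allowlist"
        return {"enforced_by": "frame-ancestors", "verdict": verdict,
                "xfo_ignored": bool(xfo)}
    if xfo in ("DENY", "SAMEORIGIN"):
        return {"enforced_by": "x-frame-options", "verdict": xfo.lower(),
                "xfo_ignored": False}
    # Missing header, or ALLOW-FROM, which current browsers do not honour.
    return {"enforced_by": None, "verdict": "unprotected", "xfo_ignored": False}


if __name__ == "__main__":
    samples = [  # constructed response headers
        {"Content-Security-Policy": "frame-ancestors 'self'", "X-Frame-Options": "DENY"},
        {"X-Frame-Options": "SAMEORIGIN"},
        {"Content-Security-Policy": "default-src 'self'"},
    ]
    for s in samples:
        print(s, "->", framing_policy(s))
```

The first sample shows why a mismatch between the two headers matters during a migration: the response carries `X-Frame-Options: DENY`, but the effective policy is the looser `frame-ancestors 'self'`.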