"X-Frame-Options" is deprecated

The "X-Frame-Options" header is used in the ansible build config, but it is deprecated and should be replaced with “Content-Security-Policy”.

Example: `Content-Security-Policy "frame-ancestors ‘self’ 'https://*.my-trusted-external-site.edu' 'http://localhost:*' 'https://localhost:*';”;`

Opencast infrastructure ref: 
- https://github.com/opencast/opencast-project-infrastructure/blob/master/ansible-buildbot-cluster/roles/buildbot-config/templates/buildbot.conf#L29-L40
- https://github.com/opencast/opencast-project-infrastructure/blob/master/ansible-deploy-adopter-reg-server/registration-server.yml#L134-L140

Deprecation Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

"X-Frame-Options" is deprecated #18

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

"X-Frame-Options" is deprecated #18

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions