Skip to content

Cherry-pick: Prevent vicadmin from being loaded in an iframe (#8177)#8182

Merged
zjs merged 1 commit intovmware:releases/1.4.3from
zjs:cherry/3f68360
Aug 9, 2018
Merged

Cherry-pick: Prevent vicadmin from being loaded in an iframe (#8177)#8182
zjs merged 1 commit intovmware:releases/1.4.3from
zjs:cherry/3f68360

Conversation

@zjs
Copy link
Member

@zjs zjs commented Aug 7, 2018

In order to protect the vicadmin page from being embedded in a page
controlled by an attacker, set the Content-Security-Policy header to
disallow rendering of the page within an iframe.

(cherry picked from commit 3f68360)

[specific ci=Group9-VIC-Admin]

@zjs
Prevent vicadmin from being loaded in an iframe (vmware#8177)
b85e96b 
In order to protect the vicadmin page from being embedded in a page
controlled by an attacker, set the Content-Security-Policy header to
disallow rendering of the page within an iframe.

(cherry picked from commit 3f68360)
@zjs zjs self-assigned this Aug 7, 2018
@zjs zjs merged commit 420b56f into vmware:releases/1.4.3 Aug 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@hickeng hickeng hickeng approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@zjs zjs

Labels

cla-not-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zjs @hickeng @vmwclabot