Opened 4 years ago

Closed 3 years ago

Last modified 21 months ago

#1679 closed New feature (fixed)

Framebuster / frame breaker

Reported by: vipsoft
Owned by: vipsoft
Priority: normal
Milestone: Piwik 1.1
Component: Core
Keywords:
Cc:
Sensitive: no

Description (last modified by vipsoft)

To mitigate clickjacking, prevent the login form from being framed by another website.

Change History (9)

comment:1 Changed 3 years ago by vipsoft (robocoder)

  • Description modified (diff)
  • Milestone changed from Features requests 1.x or 2.x to 1.1 - Piwik 1.1
  • Owner set to vipsoft

comment:2 Changed 3 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [3267]) fixes #1679 - clickjacking countermeasures

There are two aspects of this patch:

  • header.tpl - framebuster code
  • Controller.php - set the "X-Frame-Options: deny" header in the HTTP response
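
A check for the second aspect of the patch, as an added example that is not part of the original ticket or Piwik's code: it classifies a response's anti-framing headers so a missing or malformed "X-Frame-Options" value is caught. It goes beyond the ticket by also reading the CSP frame-ancestors directive; the function names and the sample header sets are assumptions constructed for illustration.

```javascript
// Added example: classify anti-framing headers. SAMPLES are constructed, not captured traffic.
// Case-insensitive header lookup; returns the trimmed value or null.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]).trim();
}

// Source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Returns 'deny', 'sameorigin', 'restricted', 'review' or 'unprotected'.
function framingPolicy(headers) {
  const sources = frameAncestors(getHeader(headers, 'content-security-policy'));
  if (sources !== null) {
    // Browsers that support frame-ancestors apply it instead of X-Frame-Options.
    const list = sources.map((s) => s.toLowerCase());
    if (list.includes('*')) return 'unprotected';
    if (list.length === 0) return 'review';
    if (list.length === 1 && list[0] === "'none'") return 'deny';
    if (list.length === 1 && list[0] === "'self'") return 'sameorigin';
    return 'restricted';
  }
  const xfo = getHeader(headers, 'x-frame-options');
  if (xfo === null) return 'unprotected';
  const value = xfo.toLowerCase();
  if (value === 'deny' || value === 'sameorigin') return value;
  // ALLOW-FROM, comma-joined duplicates and typos need a human look.
  return 'review';
}

const SAMPLES = {
  loginWithPatch: { 'X-Frame-Options': 'deny' }, // header value named in the ticket
  loginNoHeader: { 'Content-Type': 'text/html' },
  allowFrom: { 'x-frame-options': 'ALLOW-FROM https://example.org' },
  cspNone: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspWildcard: { 'X-Frame-Options': 'deny', 'Content-Security-Policy': 'frame-ancestors *' },
};

// Run the classifier over every sample and return name -> verdict.
function auditSamples() {
  return Object.fromEntries(Object.entries(SAMPLES).map(([n, h]) => [n, framingPolicy(h)]));
}
console.log(auditSamples());
```

A verdict of 'review' or 'unprotected' on the login response means the header half of the countermeasure is not in effect for that response.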

comment:4 Changed 3 years ago by vipsoft (robocoder)

(In [3386]) refs #1679 - config option to enable/disable Login framebuster

comment:5 follow-up: Changed 3 years ago by matt (mattab)

Added FAQ: How do I enable users to login into Piwik inside an iframe?

Let me know if you have any feedback.

comment:6 Changed 3 years ago by vipsoft (robocoder)

(In [4451]) fixes #2312, refs #1679 - done

comment:7 in reply to: ↑ 5 Changed 2 years ago by aarhus

comment:8 Changed 21 months ago by RowanBlack

comment:9 Changed 21 months ago by HamyngLowe
