We're updating the issue view to help you get more done. 

Admin security: admin able to be served in an iframe on separate domains

Description

i.e. set X-FRAME-OPTIONS http header to "SAMEORIGIN"

Environment

Status

Assignee

Unassigned

Reporter

Dominic Watson

Accepted

Yes

Fix versions

Priority

Medium