Admin security: admin able to be served in an iframe on separate domains

i.e. set the X-FRAME-OPTIONS HTTP header to "SAMEORIGIN"

Status

Assignee

Unassigned

Reporter

Dominic Watson

Accepted

Yes

Fix versions

Priority

Medium