JENKINS-21881: Make X-Frame-Options configurable

      Description

      Jenkins 1.532.2 sets X-Frame-Options to sameorigin (https://github.com/cloudbees/hudson/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6). While this prevents attacks via frame embedding, it also prevents any desirable embedding of Jenkins in a frame.

      This should be configurable "somehow." Either via an extension point, or allowing PageDecorators to set the header property by changing the order of layout.jelly.

            Activity

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            core/src/main/java/jenkins/security/FrameOptionsPageDecorator.java
            core/src/main/resources/jenkins/security/FrameOptionsPageDecorator/httpHeaders.jelly
            core/src/main/resources/lib/layout/layout.jelly
            http://jenkins-ci.org/commit/jenkins/fc78fdee9b7a95a6791d23575907cb3389363087
            Log:
            [FIXED JENKINS-21881] System property for disabling X-Frame-Options

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            test/src/test/java/jenkins/security/FrameOptionsPageDecoratorTest.java
            http://jenkins-ci.org/commit/jenkins/3b5564a4abf8f8976d42ce11d7711cd7022b639b
            Log:
            JENKINS-21881 Add test

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            core/src/main/java/jenkins/security/FrameOptionsPageDecorator.java
            core/src/main/resources/jenkins/security/FrameOptionsPageDecorator/httpHeaders.jelly
            core/src/main/resources/lib/layout/layout.jelly
            test/src/test/java/jenkins/security/FrameOptionsPageDecoratorTest.java
            http://jenkins-ci.org/commit/jenkins/852ba85c961499be716012e76ecbb1104a64091a
            Log:
            Merge pull request #1391 from daniel-beck/JENKINS-21881

            [FIXED JENKINS-21881] System property for disabling X-Frame-Options

            Compare: https://github.com/jenkinsci/jenkins/compare/598aea4307a7...852ba85c9614

            danielbeck Daniel Beck added a comment -

            From 1.581 on, start Jenkins using java -Djenkins.security.FrameOptionsPageDecorator.enabled=false -jar jenkins.war (with -D before -jar) to get rid of the header.
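
An added example, not part of the comment above or of the Jenkins code base: a POSIX shell audit helper that classifies a Jenkins launch command by its effect on the X-Frame-Options header, including the ordering case the comment points at, where -D placed after -jar is handed to Jenkins as a program argument and never becomes a JVM system property. The function name, the state names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Jenkins launch command for the clickjacking-protection switch.
# Property name taken from the comment above.
PROP='jenkins.security.FrameOptionsPageDecorator.enabled'

# frame_options_state ARG...  (hypothetical helper)
# Prints one of:
#   default     - property absent or set to true; the header is still sent
#   disabled    - property set to false before -jar; the header is removed
#   ineffective - property appears only after -jar, so the JVM never sees it
#   review      - property set before -jar to a value other than true/false
frame_options_state() {
    seen_jar=0
    state=default
    for arg in "$@"; do
        case "$arg" in
            -jar)
                seen_jar=1 ;;
            "-D$PROP="*)
                value=${arg#*=}
                if [ "$seen_jar" -eq 1 ]; then
                    # Everything after -jar <file> is a program argument.
                    if [ "$state" = default ]; then
                        state=ineffective
                    fi
                else
                    case "$value" in
                        false) state=disabled ;;
                        true)  state=default ;;
                        *)     state=review ;;   # not interpreted here; check by hand
                    esac
                fi ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample command lines.
frame_options_state java -D$PROP=false -jar jenkins.war
frame_options_state java -jar jenkins.war -D$PROP=false
frame_options_state java -jar jenkins.war
```

An instance reported as disabled can be embedded in frames by any origin, so it is worth confirming that the embedding use case still exists.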

            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #3677
            [FIXED JENKINS-21881] System property for disabling X-Frame-Options (Revision fc78fdee9b7a95a6791d23575907cb3389363087)
            JENKINS-21881 Add test (Revision 3b5564a4abf8f8976d42ce11d7711cd7022b639b)

            Result = SUCCESS
            daniel-beck : fc78fdee9b7a95a6791d23575907cb3389363087
            Files :

            • core/src/main/resources/jenkins/security/FrameOptionsPageDecorator/httpHeaders.jelly
            • core/src/main/java/jenkins/security/FrameOptionsPageDecorator.java
            • core/src/main/resources/lib/layout/layout.jelly

            daniel-beck : 3b5564a4abf8f8976d42ce11d7711cd7022b639b
            Files :

            • test/src/test/java/jenkins/security/FrameOptionsPageDecoratorTest.java

              People

              • Assignee: danielbeck Daniel Beck
              • Reporter: recampbell Ryan Campbell
              • Votes: 7
              • Watchers: 14
