Changes between Initial Version and Version 1 of Ticket #40020, comment 9
- Timestamp: 04/11/2018 05:41:39 PM (7 years ago)
Ticket #40020, comment 9
@fullyint your reasoning seems sound to me. Part of the reason for using `ALLOW-FROM` was the idea that the iframe could be limited to be embedded from just `customize.php`. But apparently that's not how `ALLOW-FROM` works and this granular usage of allowing from specific URL paths isn't supported.

I'd like to get +1 from someone else who is more familiar with the security implications of these headers.