[www.kde.org] [Bug 424124] Blocked by X-Frame-Options Policy on https://kde.org/community/whatiskde/impressum
Nicolás Alvarez
bugzilla_noreply at kde.org
Sun Jul 12 18:27:01 BST 2020
https://bugs.kde.org/show_bug.cgi?id=424124
Nicolás Alvarez <nicolas.alvarez at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nicolas.alvarez at gmail.com
Status|REPORTED |RESOLVED
Resolution|--- |FIXED
--- Comment #6 from Nicolás Alvarez <nicolas.alvarez at gmail.com> ---
Thanks for the report. I have changed the response headers and now the opt-out
screen is displayed properly in the impressum page.
Details: The kde.org impressum displayed the opt-out page in a frame, and
stats.kde.org sends an X-Frame-Options header saying it's not allowed to be
displayed in a frame in another hostname. I have now added an exemption: the
opt-out screen ("query string contains &action=optOut") is allowed to appear in
a frame in kde.org ("Content-Security-Policy: frame-ancestors 'self'
https://kde.org").
This fixes the immediate problem, but as discussed later maybe we need to
change text elsewhere if we don't set tracking cookies anymore...
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the kde-www
mailing list