Manage disallow_iframe_embed

disallow_iframe_embed can be used to prevent Horizon from being embedded within an iframe. Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) vulnerability, so this option allows extra security hardening where iframes are not used in deployment Change-Id: I2fe6b243250608b340ee555062060dbdad1a49c4 Depends-On: I5c540e552efe738bdec8598f9257fa22ae651a76 Closes-Bug: #1641882
author: Luke Hinds <lhinds@redhat.com> 2016-12-09 11:41:19 +0000
committer: Luke Hinds <lhinds@redhat.com> 2016-12-13 06:52:43 +0000
commit: 0146b6be0d2f1710c7884a39fd60a2124394fc56 (patch)
tree: cae58c254b843f8bfcab8e39c16b15db8d4cd191 /puppet/services/horizon.yaml
parent: 1e11997e76a0d4dfba7909ad242882ef91967b4e (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 8eaf4044..3cdd069c 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -60,6 +60,7 @@ outputs:
                 - 443
           horizon::disable_password_reveal: true
           horizon::enforce_password_check: true
+          horizon::disallow_iframe_embed: true
           horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
           horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
           horizon::vhost_extra_params:
author	Luke Hinds <lhinds@redhat.com>	2016-12-09 11:41:19 +0000
committer	Luke Hinds <lhinds@redhat.com>	2016-12-13 06:52:43 +0000
commit	0146b6be0d2f1710c7884a39fd60a2124394fc56 (patch)
tree	cae58c254b843f8bfcab8e39c16b15db8d4cd191 /puppet/services/horizon.yaml
parent	1e11997e76a0d4dfba7909ad242882ef91967b4e (diff)