From 0146b6be0d2f1710c7884a39fd60a2124394fc56 Mon Sep 17 00:00:00 2001
From: Luke Hinds <lhinds@redhat.com>
Date: Fri, 9 Dec 2016 11:41:19 +0000
Subject: Manage disallow_iframe_embed

disallow_iframe_embed can be used to prevent Horizon from being
embedded within an iframe. Legacy browsers are still vulnerable
to a Cross-Frame Scripting (XFS) vulnerability, so this option
allows extra security hardening where iframes are not used in
deployment

Change-Id: I2fe6b243250608b340ee555062060dbdad1a49c4
Depends-On: I5c540e552efe738bdec8598f9257fa22ae651a76
Closes-Bug: #1641882
---
 puppet/services/horizon.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 8eaf4044..3cdd069c 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -60,6 +60,7 @@ outputs:
                 - 443
           horizon::disable_password_reveal: true
           horizon::enforce_password_check: true
+          horizon::disallow_iframe_embed: true
           horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
           horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
           horizon::vhost_extra_params:
-- 
cgit 1.2.3-korg