Set X_FRAME_OPTIONS Django setting to an allowed value #157

Open
jmaupetit opened this issue Dec 15, 2019 · 0 comments
Expected Behavior

No JS error related to the X-Frame-Options header should occur.

Actual Behavior

The X-Frame-Options header value is set to ALLOW, which is not allowed (for reference, see https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/X-Frame-Options), leading to the following Require.js dynamic loading error:

Error: Dynamic load not allowed: common/templates/components/system-feedback.underscore base.js:83:8563

Steps to Reproduce

  1. Go to the Studio (CMS) course details view
  2. The following error message should appear in the browser console:
Invalid X-Frame-Options: “ALLOW” header from “https://cms.staging.foo.fr/settings/details/course-v1:Musicality+CS101+2019_T4” loaded into “https://cms.staging.foo.fr/course/course-v1:Musicality+CS101+2019_T4”.

Specifications

  • Version: at least dogwood.3-fun-1.3.4 (I think all releases and flavors are impacted)
  • Platform: Firefox 71 (Ubuntu GNU/Linux)
jmaupetit added the bug label Dec 15, 2019
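An added example, not part of the issue or the project's code: a small Python check that classifies the X-Frame-Options value(s) of a response against the directives listed on the MDN page linked in the issue (DENY and SAMEORIGIN are valid, ALLOW-FROM is obsolete, anything else such as ALLOW is invalid). The function name `classify_xfo` and the sample values are assumptions made for illustration.

```python
"""Classify X-Frame-Options header values (added example, hypothetical names)."""

VALID = {"DENY", "SAMEORIGIN"}   # directives documented on MDN
OBSOLETE = "ALLOW-FROM"          # obsolete directive, followed by an origin


def classify_xfo(raw_values):
    """Return (status, detail) for the X-Frame-Options values of one response.

    raw_values: list of header field values, one per header line received.
    status: "missing", "valid", "obsolete", "invalid" or "conflicting".
    """
    # One header line may carry several comma-separated tokens: flatten them.
    tokens = [t.strip() for v in raw_values for t in v.split(",") if t.strip()]
    if not tokens:
        return ("missing", "no X-Frame-Options value sent")

    # Directive names are case-insensitive; keep only the directive keyword.
    directives = {t.split()[0].upper() for t in tokens}

    unknown = sorted(d for d in directives if d not in VALID and d != OBSOLETE)
    if unknown:
        return ("invalid", "unrecognised directive(s): " + ", ".join(unknown))
    if OBSOLETE in directives:
        return ("obsolete", "ALLOW-FROM is obsolete; use DENY or SAMEORIGIN")
    if len(directives) > 1:
        return ("conflicting", "both " + " and ".join(sorted(directives)))
    return ("valid", next(iter(directives)))


if __name__ == "__main__":
    # Constructed sample values; "ALLOW" is the value reported in this issue.
    samples = [
        ["ALLOW"],
        ["SAMEORIGIN"],
        ["deny"],
        ["ALLOW-FROM https://example.org"],
        ["DENY", "SAMEORIGIN"],
        [],
    ]
    for values in samples:
        print(values, "->", classify_xfo(values))
```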