[QGIS-Developer] enabled X-Frame-Options HTTP response header on qgis.org and docs.qgis.org
Richard Duivenvoorde
rdmailings at duif.net
Sun Mar 3 23:22:19 PST 2024
Hi All,
FYI: somebody mailed us on security at qgis.org that we did not set X-Frame-Options HTTP response header on our website, which "... could be at risk of a clickjacking attack ...".
As this seemed an easy fix, we now set
X-Frame-Options DENY
Please let me know if this is (or gives you) a problem somewhere.
Regards,
Richard Duivenvoorde
More information about the QGIS-Developer
mailing list