This causes warnings on the host page console.
The following lines probably should check that :x-frame-options value is
truthy (and default to true) instead. The docs should also be updated
accordingly.
|
true (assoc-in [:response :headers "x-frame-options"] |
|
(get-in ctx [:resource :x-frame-options] "SAMEORIGIN")) |
This causes warnings on the host page console.
The following lines probably should check that :x-frame-options value is
truthy (and default to true) instead. The docs should also be updated
accordingly.
yada/src/yada/security.clj
Lines 366 to 367 in c6cb858