~juju-gui/charms/precise/juju-gui/trunk

  • Committer: Francesco Banconi
  • Date: 2014-04-18 10:51:37 UTC
  • mfrom: (181.1.3 clickjacking)
  • Revision ID: francesco.banconi@canonical.com-20140418105137-mnrwhacf0kcw4261
Avoid clickjacking.

Update the builtin and legacy servers to send
the proper X-Frame-Options header so that
iframing is denied from extraneous origins.

The legacy server has been updated to ensure
clickjacking is not possible on jujucharms.com.

Tests: `make unittest`.

QA: 
- juju bootstrap an environment;
- run `make deploy`;
- wait for the GUI to be ready/started;
- open the GUI with the browser and log in;
- prepare an HTML page like the following, replacing
  <GUI UNIT HOSTNAME> with the address of the GUI in
  your environment:

<!DOCTYPE html>
<html>
<head>
    <title>test clickjacking</title>
</head>
<body>
<iframe src="https://<GUI UNIT HOSTNAME>"
  height="800" width="1000"></iframe>
</body>
</html>

- open the test page above with the browser,
  the iframe should be empty;
- switch to the legacy server:
  `juju set juju-gui builtin-server=false`;
- wait a minute for the config-changed hook
  to complete;
- open the test page above with the browser,
  the iframe should be empty;
- destroy the environment.

R=jeff.pihach
CC=
https://codereview.appspot.com/88090048
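
A header-level check that complements the manual iframe QA in the commit message above. This is an added example, not code from the charm: `framing_verdict` and the sample headers are hypothetical, and since the page does not say which X-Frame-Options value the servers send, both `DENY` and `SAMEORIGIN` are accepted.

```python
# Added example: audit response headers for anti-framing protection.

def _frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_verdict(headers):
    """Classify (name, value) pairs: deny, sameorigin, allowlist, unprotected."""
    xfo, ancestors = set(), None
    for name, value in headers:
        name = name.lower()
        if name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif name == "content-security-policy" and ancestors is None:
            # Simplification: only the first policy with frame-ancestors is read.
            ancestors = _frame_ancestors(value)
    if ancestors is not None:
        # Browsers that support frame-ancestors apply it instead of X-Frame-Options.
        if not ancestors or ancestors == ["'none'"]:
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        if any(s == "*" or s.endswith(":") for s in ancestors):
            return "unprotected"  # wildcard or scheme-wide source
        return "allowlist"
    # Conservative audit rule: accept exactly one valid value. Anything else
    # (ALLOW-FROM, typos, conflicting values) is flagged so it gets fixed.
    if xfo == {"DENY"}:
        return "deny"
    if xfo == {"SAMEORIGIN"}:
        return "sameorigin"
    return "unprotected"


SAMPLES = {  # constructed header sets, not captured from a GUI unit
    "xfo": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "none": [("Content-Type", "text/html")],
    "conflict": [("X-Frame-Options", "DENY"), ("x-frame-options", "sameorigin")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", framing_verdict(hdrs))
```

Feed it the header pairs returned by both the builtin and the legacy server, so a regression in either one is caught without opening a browser.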

| Filename | Latest Rev | Last Changed | Committer | Comment | Size |
|---|---|---|---|---|---|
| config | 3.2.2 | 11 years ago | Francesco Banconi | Base structure of the charm. All hooks translated | |
| deps | 80.1.6 | 10 years ago | Nicola Larosa | Fix and add tests. | |
| exec.d | 41.2.1 | 11 years ago | Matthew Wedgwood | support for pre-install hooks such as basenode | |
| files | 60.2.11 | 10 years ago | Curtis Hovey | Added rough and simple life check. | |
| hooks | 3.2.1 | 11 years ago | Francesco Banconi | Install hook. | |
| releases | 113.2.1 | 10 years ago | Francesco Banconi | Parse a local release. | |
| scripts | 60.2.10 | 10 years ago | Curtis Hovey | Added an older version of charmsupport to ensure t | |
| server | 71.1.1 | 10 years ago | Francesco Banconi | Base structure for the server. | |
| tests | 3.1.1 | 11 years ago | Benji York | initial project structure, especially tests | |
| .bzrignore | 145.2.2 | 10 years ago | Benji York | ignore files the HACKING doc suggests we create | 133 bytes |
| .lbox | 62.1.1 | 10 years ago | Brad Crittenden | Add .lbox for specifying the target branch | 60 bytes |
| .lbox.check | 65.3.10 | 10 years ago | Francesco Banconi | lbox.check fix. | 30 bytes |
| config.yaml | 178.1.6 | 10 years ago | Francesco Banconi | Changes as per review. | 8 KB |
| COPYING | 65.2.1 | 10 years ago | Nicola Larosa | Added the COPYING file, and headers to source file | 33.7 KB |
| copyright | 65.2.1 | 10 years ago | Nicola Larosa | Added the COPYING file, and headers to source file | 770 bytes |
| Dependencies.md | 147.1.1 | 10 years ago | Rick Harding | Remove all the pyjuju | 2.3 KB |
| HACKING.md | 178.1.6 | 10 years ago | Francesco Banconi | Changes as per review. | 10.7 KB |
| icon.svg | 42.1.1 | 11 years ago | Benjamin Saller | basic apache support | 8.8 KB |
| Makefile | 178.1.4 | 10 years ago | Francesco Banconi | Checkpoint. | 3.1 KB |
| metadata.yaml | 60.2.11 | 10 years ago | Curtis Hovey | Added rough and simple life check. | 1 KB |
| Operation.md | 80.1.10 | 10 years ago | Nicola Larosa | Some doc and comment changes per gary's review. | 1.5 KB |
| README.md | 178.1.6 | 10 years ago | Francesco Banconi | Changes as per review. | 9 KB |
| revision | 181.1.2 | 10 years ago | Francesco Banconi | Bump revision up. | 4 bytes |
| server-requirements.pip | 60.8.16 | 10 years ago | Kapil Thangavelu | update to latest deployer for subordinate bundle f | 1.3 KB |
| test-requirements.pip | 145.2.1 | 10 years ago | Benji York | use newer selenium that works with latest firefox | 1.7 KB |