This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "User talk:Riramar"

From OWASP
m (Welcome!)
 
 
Line 3: Line 3:
 
You will probably want to read the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents help pages].
 
You will probably want to read the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents help pages].
 
Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] ([[User talk:KateHartmann|talk]]) 07:53, 30 November 2015 (CST)
 
Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] ([[User talk:KateHartmann|talk]]) 07:53, 30 November 2015 (CST)
 +
 +
Hi Riramar, this is [[User:ADHTB|ADHTB]].
 +
You're right about X-Frame-Options header directive ALLOWALL, it is defined almost nowhere.
 +
It was initially set up on some servers to make the directive invalid and thus allow the websites to be framed from any other origin. As a consequence Mozilla (and apparently Microsoft too) decided to make it "valid" (to remove warnings from console): https://bugs.webkit.org/show_bug.cgi?id=110857
 +
My goal here was to mention that somehow, and in my own opinion, it is better to have an explicit value than an implicit default value. However as it is my own opinion, I won't blame you if you revert my change because you disagree (as it is right it is defined in no RFC or other "official" document) :).

Latest revision as of 18:48, 14 April 2016

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann (talk) 07:53, 30 November 2015 (CST)

Hi Riramar, this is ADHTB.

You're right about X-Frame-Options header directive ALLOWALL, it is defined almost nowhere.

It was initially set up on some servers to make the directive invalid and thus allow the websites to be framed from any other origin. As a consequence Mozilla (and apparently Microsoft too) decided to make it "valid" (to remove warnings from console): https://bugs.webkit.org/show_bug.cgi?id=110857

My goal here was to mention that somehow, and in my own opinion, it is better to have an explicit value than an implicit default value. However as it is my own opinion, I won't blame you if you revert my change because you disagree (as it is right it is defined in no RFC or other "official" document) :).
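The point discussed above, as an added example that is not part of the original talk-page posts: a small audit helper that classifies a response's X-Frame-Options value and reports which responses leave framing unrestricted. The verdict labels, function names and sample responses are constructed for illustration; the only values treated as protective are DENY and SAMEORIGIN from RFC 7034.

```python
# Added example (not from the wiki page): audit X-Frame-Options values.
# Verdict labels and sample data are constructed for illustration.
PROTECTIVE = {"deny", "sameorigin"}  # the two restrictive values in RFC 7034


def classify_xfo(raw_values):
    """Classify the X-Frame-Options field value(s) of one response.

    raw_values: list of field values, one entry per header line received.
    Returns (verdict, detail).
    """
    # One header line may carry a comma-separated list, so flatten first.
    tokens = [t.strip().lower() for v in raw_values for t in v.split(",")]
    tokens = [t for t in tokens if t]
    if not tokens:
        return ("missing", "header absent: framing is not restricted")
    if len(set(tokens)) > 1:
        return ("conflicting", "several different values: send exactly one")
    value = tokens[0]
    if value in PROTECTIVE:
        return ("protected", value)
    if value.startswith("allow-from"):
        # In RFC 7034, but obsolete in current browsers.
        return ("legacy", "prefer CSP frame-ancestors for an allow-list")
    if value == "allowall":
        # Defined in no RFC; its effect is that any origin may frame the page.
        return ("explicit-allow", "non-standard value: framing unrestricted")
    return ("invalid", "unrecognised value %r gives no protection" % value)


def unprotected(responses):
    """Return the URLs whose X-Frame-Options does not restrict framing."""
    return [url for url, values in responses.items()
            if classify_xfo(values)[0] != "protected"]


# Constructed sample: URL -> list of X-Frame-Options field values.
SAMPLE = {
    "https://app.example/login": ["SAMEORIGIN"],
    "https://app.example/widget": ["ALLOWALL"],
    "https://app.example/help": [],
    "https://app.example/pay": ["SAME-ORIGIN"],  # typo, silently unprotected
}

if __name__ == "__main__":
    for url in unprotected(SAMPLE):
        print(url, classify_xfo(SAMPLE[url]))
```

An explicit ALLOWALL and a typo such as SAME-ORIGIN both end up unprotected, but only the first is distinguishable as a deliberate choice when reviewing the configuration.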