Jump to content

Handbuch:$wgEditPageFrameOptions

From mediawiki.org
This page is a translated version of the page Manual:$wgEditPageFrameOptions and the translation is 38% complete.
Sicherheit: $wgEditPageFrameOptions
Control framing of wiki pages globally.
Eingeführt in Version:1.16.1
Entfernt in Version:Weiterhin vorhanden
Erlaubte Werte:(string) or false
Standardwert:'DENY'

This variable determines the X-Frame-Options header to send on pages sensitive to clickjacking attacks, such as edit pages. This prevents those pages from being displayed in a frame or iframe. Die Optionen sind:

'DENY'
Erlaube kein Framing. Dies ist für die meisten Wikis empfohlen.
'SAMEORIGIN'
Allow framing by pages on the same domain. This can be used to allow framing within a trusted origin. This is insecure if there is a page on the same origin which allows framing of arbitrary URLs.
false
Allow all framing. This opens up the wiki to XSS attacks and thus full compromise of local user accounts. Private wikis behind a corporate firewall are especially vulnerable. Dies ist nicht empfohlen.

Siehe auch