Revision: elho-webserver--main--0--patch-21
Archive: elho@elho.net--elho-debian
Creator: Elmar Hoffmann <elho@elho.net>
Date: Thu Oct 11 13:31:27 CEST 2018
Standard-date: 2018-10-11 11:31:27 GMT
Renamed-files: etc/apache2/conf-available/.arch-ids/sameoriginframes.conf.id etc/apache2/conf-available/.arch-ids/framepolicy.conf.id
    etc/apache2/conf-available/sameoriginframes.conf etc/apache2/conf-available/framepolicy.conf
Modified-files: debian/changelog
    debian/elho-webserver.postinst debian/rules
    etc/apache2/conf-available/framepolicy.conf
New-patches: elho@elho.net--elho-debian/elho-webserver--main--0--patch-21
Summary: deny loading sites within frames by default
Keywords: 

The X-Frame-Options specification does not specify that all ancestors be
checked when allowing sites to be loaded within frames from the same origin.
Thus deny it altogether instead.
