You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
X-Frame-Options: allowall HTTP header has been enabled on the GDS pages since 2015 by this commit which at best looks unprofessional and at worst opens additional possibilities for fraud by allowing GDS pages to be embedded in frames.
Per my comment under that commit, if there's still need to allow frames for some origins as part of the transition, a much safer allow-from option exists for that purpose.
The text was updated successfully, but these errors were encountered:
X-Frame-Options: allowallHTTP header has been enabled on the GDS pages since 2015 by this commit which at best looks unprofessional and at worst opens additional possibilities for fraud by allowing GDS pages to be embedded in frames.Per my comment under that commit, if there's still need to allow frames for some origins as part of the transition, a much safer
allow-fromoption exists for that purpose.The text was updated successfully, but these errors were encountered: