
[FIX] Replace obsolete X-FRAME-OPTIONS header on Livechat route #17419

Merged

Conversation

renatobecker
Contributor

@renatobecker renatobecker commented Apr 24, 2020

CLOSES #6448

The X-Frame-Options header is obsolete, and this is reflected in web browsers when Livechat Allowed Domains is configured:

[Screenshot: Screen Shot 2020-04-24 at 13 32 16]

To fix this we're replacing the X-Frame-Options header with the Content-Security-Policy response header.

[Screenshot: Screen Shot 2020-04-24 at 13 35 01]
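As an added illustration of the header change this PR describes (example code, not Rocket.Chat's own), a small helper that turns the allowed-domains setting into a `Content-Security-Policy: frame-ancestors` header, shown beside the legacy `X-Frame-Options: ALLOW-FROM` form it replaces. The setting format (a comma-separated list of hostnames or origins, empty meaning unrestricted) and the function names are assumptions.

```javascript
// Added example (not Rocket.Chat's code): build the response headers that
// restrict which sites may embed the Livechat widget, using CSP frame-ancestors
// instead of the obsolete X-Frame-Options: ALLOW-FROM.
// Assumption: the "Livechat Allowed Domains" setting is a comma-separated string
// of hostnames or origins, and an empty setting means "no restriction".

// Accept bare hosts (example.com), an optional http(s) scheme, an optional port
// and a leading wildcard label (*.example.com). Anything else is dropped, so a
// malformed setting value cannot smuggle extra directives into the policy.
const SOURCE_RE = /^(?:https?:\/\/)?(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*(?::\d{1,5})?$/i;

function parseAllowedDomains(setting) {
  if (typeof setting !== 'string') return [];
  return setting
    .split(',')
    .map((s) => s.trim().toLowerCase())
    .filter((s) => s.length > 0 && SOURCE_RE.test(s));
}

function frameAncestorsHeaders(setting) {
  const sources = parseAllowedDomains(setting);
  if (sources.length === 0) {
    // Nothing configured: set no header, any page may embed the widget.
    return {};
  }
  // frame-ancestors is only honoured when delivered as a response header
  // (never via a <meta> tag), and unlike ALLOW-FROM it accepts a list.
  return {
    'Content-Security-Policy': `frame-ancestors ${sources.join(' ')}`,
  };
}

// Legacy form for comparison: ALLOW-FROM carries a single origin and is
// ignored by current browsers, so every additional domain was silently lost.
function legacyXFrameOptions(setting) {
  const sources = parseAllowedDomains(setting);
  if (sources.length === 0) return {};
  return { 'X-Frame-Options': `ALLOW-FROM ${sources[0]}` };
}
```

An entry that fails validation is dropped rather than emitted into the policy, so a stray `;` or space in the setting cannot turn into a second directive.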

Replace deprecated X-FRAME-OPTIONS header by Content-Security-Policy.
@renatobecker renatobecker added this to the 4.0.0 milestone Apr 24, 2020
@renatobecker renatobecker requested review from MarcosSpessatto and removed request for rodrigok and sampaiodiego April 27, 2020 14:40
@renatobecker renatobecker modified the milestones: 4.0.0, 3.3.0 Apr 30, 2020
@sampaiodiego sampaiodiego merged commit ef77a21 into develop May 1, 2020
@sampaiodiego sampaiodiego deleted the omnichannel/replace-old-http-header-x-frame-options branch May 1, 2020 16:31
d-gubert pushed a commit that referenced this pull request May 1, 2020
Replace deprecated X-FRAME-OPTIONS header by Content-Security-Policy.

Co-authored-by: Marcos Spessatto Defendi <marcos.defendi@ulbra.inf.br>
@cuonghuunguyen
Contributor

cuonghuunguyen commented Jun 16, 2020

Hi @renatobecker, @MarcosSpessatto,
I took a look inside the code; everything is good, but it could be better if we can refactor app/cors/server/cors.js:61 as well. This line of code also uses X-Frame-Options and also needs to be refactored.
Regards,

@renatobecker
Contributor Author

> Hi @renatobecker, @MarcosSpessatto,
> I took a look inside the code, everything is good but it could be better if we can refactor app/cors/server/cors.js:61 as well. This line of code also uses X-Frame-Options and also needs to be refactored
> Regards,

Hi @meomay503
Thanks for reporting, but I suggest you open an issue describing the problem you're facing.

Thanks.

Successfully merging this pull request may close these issues.

Livechat widget and headers