mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 10:21:36 +03:00
f88adb9180
no issue - by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking - the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file Credits: Muhammad Fawwad Obaida |
||
---|---|---|
.. | ||
controller_spec.js | ||
middleware_spec.js |