Ghost/core/test/unit/web/admin
Kevin Ansfield f88adb9180
Added x-frame-options header to /ghost/ route (#10760)
no issue
- by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking
- the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file

Credits: Muhammad Fawwad Obaida
2019-05-28 09:04:48 +01:00
..
controller_spec.js Added x-frame-options header to /ghost/ route (#10760) 2019-05-28 09:04:48 +01:00
middleware_spec.js Bumped sinon from 4.4.6 to 7.3.2 (#10400) 2019-01-21 17:53:44 +01:00