Standard - Add X-Frame-Options to Security Considerations
For frame busting, to avoid clickjacking.
It may even be normative.
Comments (4)
reporter: Add the following text.
At the end of 2.2.4:
Where applicable, the authorization server MUST take measures against Cross-Site Request Forgery and Clickjacking as stated in Sections 10.12 and 10.13 of RFC 6749.
At the end of 2.2.5:
Where applicable, the authorization server MUST take measures against Cross-Site Request Forgery and Clickjacking as stated in Sections 10.12 and 10.13 of RFC 6749.
Change the text of 9. Security Considerations to:
This specification references the security considerations defined in OpenID Connect Messages 1.0 [OpenID.Messages], Section 10 of RFC 6749, and Section 5 of RFC 6750. RFC 6819 gives a comprehensive threat analysis of RFC 6749 and RFC 6750, of which this specification is the OpenID Connect Messages 1.0 [OpenID.Messages] binding. Thus the considerations in RFC 6819 SHOULD be carefully examined as well.
-
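The two countermeasures the proposed text points at (RFC 6749 Sections 10.12 and 10.13) are concrete server behaviour: the authorization server's consent page must refuse to be framed, and its consent form must not be submittable by a cross-site forged request. The following is an added illustration, not text from the issue or code from the OpenID Connect specification or any implementation. The ConsentEndpoint class, its method names and the session layout are invented for the example; the headers it sends are the X-Frame-Options header named in RFC 6749 Section 10.13 and the equivalent CSP frame-ancestors directive. The has_anti_framing_protection helper is the kind of check a conformance test or a proxy could run against a real authorization server's responses.

```python
import hmac
import html
import secrets
from urllib.parse import urlencode

# Headers every page of the authorization server's user interface should carry.
# X-Frame-Options is the header RFC 6749 section 10.13 names; the CSP
# frame-ancestors directive is its modern equivalent. Sending both covers
# older and newer user agents.
ANTI_FRAMING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def has_anti_framing_protection(headers: dict) -> bool:
    """Return True if a response refuses to be framed by foreign origins.

    Accepts X-Frame-Options DENY/SAMEORIGIN or a frame-ancestors directive of
    'none' or 'self'. Any other value (e.g. a wildcard) is treated as unsafe.
    """
    xfo = headers.get("X-Frame-Options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True
    csp = headers.get("Content-Security-Policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            return sources in (["none"], ["self"])
    return False


class ConsentEndpoint:
    """Hypothetical authorization-server consent page (constructed for this
    example): GET renders the form, POST records the user's decision."""

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}  # session id -> session state

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(16)
        # Fresh anti-CSRF token bound to this session; it is only ever sent in
        # the form body, never in a URL the attacker could pre-construct.
        self._sessions[sid] = {"csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, session_id: str) -> str:
        return self._sessions[session_id]["csrf"]

    def render_consent(self, session_id: str, client_id: str, scope: str):
        """GET /authorize: the consent form, delivered with anti-framing headers."""
        token = self.csrf_token(session_id)
        body = (
            '<form method="POST" action="/authorize">'
            f"<p>{html.escape(client_id)} requests: {html.escape(scope)}</p>"
            f'<input type="hidden" name="csrf" value="{token}">'
            '<button name="approve" value="yes">Allow</button>'
            "</form>"
        )
        return 200, dict(ANTI_FRAMING_HEADERS), body

    def submit_consent(self, session_id: str, form: dict, redirect_uri: str, state: str):
        """POST /authorize: reject forged submissions, then redirect to the client.

        The client's own CSRF defence, the state parameter, is echoed back
        unchanged so the client can bind the response to its session.
        """
        sess = self._sessions.get(session_id)
        if sess is None:
            return 403, {}, "no session"
        submitted = form.get("csrf", "")
        # Constant-time comparison; a cross-site form post cannot know the token.
        if not hmac.compare_digest(submitted, sess["csrf"]):
            return 403, {}, "csrf token missing or wrong"
        # Rotate the token so a captured form body cannot be replayed.
        sess["csrf"] = secrets.token_urlsafe(32)
        if form.get("approve") != "yes":
            query = urlencode({"error": "access_denied", "state": state})
            return 302, {"Location": f"{redirect_uri}?{query}"}, ""
        code = secrets.token_urlsafe(24)  # stand-in for a real authorization code
        query = urlencode({"code": code, "state": state})
        return 302, {"Location": f"{redirect_uri}?{query}"}, ""
```

Note that the token is rotated after every accepted submission and compared with hmac.compare_digest rather than ==, so neither a replayed form nor a timing side channel helps a cross-site attacker. The frame-ancestors check is deliberately conservative: a CSP that lists specific origins is reported as unprotected, which is the right default for a check that is meant to flag deviations from DENY.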
reporter - changed status to open
Change the proposed text for 2.2.5 so that people will not think that the identical text to 2.2.4 and 2.2.5 is an editorial error.
-
- changed status to resolved
Fixed
#839 - Described requirement to employ countermeasures against Cross-Site Request Forgery and Clickjacking. → <<cset e3f086364650>>
I need you to write the precise text that you want to appear and let me know which sections you want it to appear in. I don't understand this one well enough to be able to guess correctly what to say.