?

User tests: Successful: Unsuccessful:

avatar Joey3000
Joey3000
22 Aug 2014

Steps to reproduce the issue

  1. Open the Joomla back-end log-in page (www.example.com/administrator/)
  2. Using browser tools (e.g. the Firefox web console), check headers received with server response to GET www.example.com/administrator/

Expected result

  1. "X-Frame-Options: SAMEORIGIN" is received

Actual result

  1. "X-Frames-Options: SAME-ORIGIN" is received

System information (as much as possible)

PHP 5.3.6 on Apache on Linux

Additional comments

What should be server header "X-Frame-Options: SAMEORIGIN" is sent as "X-Frames-Options: SAME-ORIGIN" on Joomla 2.5.24. (I.e. both, header name AND its value are misspelled.)

Note: This was fixed on "master" with http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=30790, but not on Joomla 2.5.x.

avatar Joey3000 Joey3000 - open - 22 Aug 2014
avatar jissues-bot jissues-bot - change - 22 Aug 2014
Status Pending New
Labels Added: ?
avatar brianteeman brianteeman - change - 23 Aug 2014
Labels Added: ?
avatar brianteeman brianteeman - change - 23 Aug 2014
Title
Correct spelling of the X-Frame-Options header on Joomla 2.5
[#30790] Correct spelling of the X-Frame-Options header on Joomla 2.5
avatar brianteeman
brianteeman - comment - 23 Aug 2014

Simple fix making RTC

avatar mbabker mbabker - change - 23 Aug 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-08-23 15:06:57
avatar mbabker mbabker - close - 23 Aug 2014

Add a Comment

Login with GitHub to post a comment