Allow sameorigin iframe for help modal

We may want to remove that
pull/5884/head
Oliver Günther 7 years ago
parent b62f0491aa
commit 33eeb8c0df
No known key found for this signature in database
GPG Key ID: 88872239EB414F99
  1. 2
      config/initializers/secure_headers.rb
  2. 1
      spec/features/accessibility/work_packages/work_package_query_spec.rb

@ -5,7 +5,7 @@ SecureHeaders::Configuration.default do |config|
}
# Add "; preload" and submit the site to hstspreload.org for best protection.
config.hsts = "max-age=#{20.years.to_i}; includeSubdomains"
config.x_frame_options = "DENY"
config.x_frame_options = "SAMEORIGIN"
config.x_content_type_options = "nosniff"
config.x_xss_protection = "1; mode=block"
config.x_permitted_cross_domain_policies = "none"

@ -200,6 +200,7 @@ describe 'Work package index accessibility', type: :feature, selenium: true do
context 'help' do
it 'opens help popup with \'?\'' do
expect_angular_frontend_initialized
find('body').native.send_keys('?')
expect(page).to have_selector('.ui-dialog', wait: 20)
end

Loading…
Cancel
Save