From 52626d87d0d55ea73e76c231d64647c3307e3791 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Fri, 10 Feb 2017 17:18:44 +0000
Subject: [PATCH] Expose horizon_disallow_iframe_embed in defaults

In order to expose the variable in documentation, it is defined in defaults and the value is always templated. The default value is set to the same as the upstream default.

Change-Id: I3a8785de414a82931b1089f7396b0fbe3b68ae7d
---
 defaults/main.yml | 8 ++++++++
 templates/horizon_local_settings.py.j2 | 6 +-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index ed2f4a69..6d36e740 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -113,6 +113,14 @@ horizon_simple_ip_management: True
 # To enable ha router support in horizon set to True
 horizon_enable_ha_router: False
 
+# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
+# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
+# Scripting (XFS) vulnerability, so this option allows extra security hardening
+# where iframes are not used in deployment. Default setting is True.
+# For more information see:
+# http://tinyurl.com/anticlickjack
+horizon_disallow_iframe_embed: True
+
 # WSGI tuning parameters
 # horizon_wsgi_processes: 4
 # horizon_wsgi_threads: 4
diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2
index 719a40dc..01ae53b0 100644
--- a/templates/horizon_local_settings.py.j2
+++ b/templates/horizon_local_settings.py.j2
@@ -725,11 +725,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
 # where iframes are not used in deployment. Default setting is True.
 # For more information see:
 # http://tinyurl.com/anticlickjack
-{% if horizon_disallow_iframe_embed is defined %}
-DISALLOW_IFRAME_EMBED = {{ horizon_disallow_iframe_embed }}
-{% else %}
-#DISALLOW_IFRAME_EMBED = True
-{% endif %}
+DISALLOW_IFRAME_EMBED = {{ horizon_disallow_iframe_embed | bool }}
 
 # The default date range in the Overview panel meters - either minus N
 # days (if the value is integer N), or from the beginning of the current month
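Review bot: The `| bool` filter on the new `DISALLOW_IFRAME_EMBED` line fails open. As far as I know, Ansible's `bool` filter has traditionally mapped any string it does not recognise as truthy to `False`, so a mistyped override (for example `Ture`) would render `DISALLOW_IFRAME_EMBED = False` and silently remove the iframe-embedding protection; newer Ansible releases may handle such values differently, so this is worth confirming against the supported versions. Because `True` is the hardened value, I would validate the variable in a pre-flight `assert` task before the template is rendered, so that an unrecognised value stops the play rather than weakening the setting. At minimum, document the accepted values beside the default in `defaults/main.yml`, e.g. `# Must be a boolean (True/False); other values are coerced by the bool filter and may render as False.`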