fix: disallow embedded of horizon in iframe (#338) OpenStack Helm enables the Horizon service to be embedded in an iframe by default. This is a security risk and should be disabled. This patch disables the embedding of Horizon in an iframe.

commit: 876cb21687cca2790c12bcb913073592371c10c3 [log] [tgz]
author: Mohammed Naser <mnaser@vexxhost.com> Fri Feb 24 15:27:00 2023 -0500
committer: GitHub <noreply@github.com> Fri Feb 24 15:27:00 2023 -0500
tree: 5ddc117e5070c16910f20695387daf2b505689c9
parent: c50c946c1bad4348a75434fce39fff31bcd0684f [diff]
diff --git a/roles/horizon/vars/main.yml b/roles/horizon/vars/main.yml
index 012a539..f7d8c96 100644
--- a/roles/horizon/vars/main.yml
+++ b/roles/horizon/vars/main.yml

@@ -23,6 +23,7 @@
     horizon:
       local_settings:
         config:
+          disallow_iframe_embed: "True"
           secure_proxy_ssl_header: "True"
           horizon_images_upload_mode: direct
           openstack_enable_password_retrieve: "True"
commit	876cb21687cca2790c12bcb913073592371c10c3	[log] [tgz]
author	Mohammed Naser <mnaser@vexxhost.com>	Fri Feb 24 15:27:00 2023 -0500
committer	GitHub <noreply@github.com>	Fri Feb 24 15:27:00 2023 -0500
tree	5ddc117e5070c16910f20695387daf2b505689c9
parent	c50c946c1bad4348a75434fce39fff31bcd0684f [diff]