User talk:Riramar

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann (talk) 07:53, 30 November 2015 (CST)

Hi Riramar, this is ADHTB. You're right about X-Frame-Options header directive ALLOWALL, it is defined almost nowhere. It was initially set up on some servers to make the directive invalid and thus allow the websites to be framed from any other origin. As a consequence Mozilla (and apparently Microsoft too) decided to make it "valid" (to remove warnings from console): https://bugs.webkit.org/show_bug.cgi?id=110857 My goal here was to mention that somehow, and in my own opinion, it is better to have an explicit value than an implicit default value. However as it is my own opinion, I won't blame you if you revert my change because you disagree (as it is right it is defined in no RFC or other "official" document) :).