id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
5404	X-Frame-Options for admin/moderator views	Matt Molyneaux		"Currently Mediagoblin doesn't do anything to prevent [https://www.owasp.org/index.php/Clickjacking clickjacking].

Setting {{{ X-Frame-Options: SAMEORIGIN }}} in responses for those views would protect against this attack."	defect	review	major		programming