SecKit Override

Synopsis

The SecKit Override module integrates with the Security Kit module (seckit) to allow the site as a whole to have a "default" level of level of protection, while allowing specific pages within the site to change those protection levels. For instance, SecKit might be configured to prevent pages on the site from being displayed in an <iframe> tag to prevent clickjacking. However, there may be some specific pages within the site which are designed to be used as widgets on another site which should be available within an <iframe>.

This module allows that level of granular control.

Overrides are set by a series of URLs within the site, including optional wildcards. For any given URL pattern, some or all Security Kit settings can be overridden. Any settings which are not overridden will inherit the global setting. If multiple patterns match a given URL, then the overrides of each match are applied in order. The final resulting settings are the result of all of the matching overrides combined on top of the global settings.

For performance reasons, the set of overrides is calculated once, the first time a given page is loaded. After that, the overrides are loaded from a cache. When the override configuration is changed, the cache is cleared so that all pages will pull in the most recent set of overrides.

Requirements

• Security Kit version 1.9 or higher

Known problems

• This module is very tightly integrated with SecKit. In fact, it loads the SecKit admin form as a template to build it's own admin forms. Simple changes by SecKit (adding/editing fields or re-ordering the form) will be handled properly, but if SecKit makes substantial changes to the mapping of the form to the options array, or to the file structure, then this module's admin interface might fail to load properly.