x-frame-same-origin not working
Added by George McFie 3 months ago
Any suggestions would be very welcome.
I’m attempting to force my Wt Server to be accessible from an iframe of another server. Specifically I’m trying to prevent the server from returning the header …
X-Frame-Options: sameorigin
My understanding from the wt_config.xml documentation is that I only need to define/configure …
<server>
<application-settings location="*">
<x-frame-same-origin>false</x-frame-same-origin> <!-- <<<<<<<<<< THIS <<<<<<<<<<< -->
... however this does not work. I can confirm that …
- I am updating the correct wt_config.xml file
- and I have restarted the server
Replies (2)
RE: x-frame-same-origin not working - Added by Mark Petryk 3 months ago
Found this page, not sure if it will be helpful;
https://www.webtoolkit.eu/wt/news/2010/12/17/widgetset_mode_and_cross_origin_requests
RE: x-frame-same-origin not working - Added by Romain Mardulyn 17 days ago
Hi George,
The X-Frame-Options: sameorigin header is never sent by an application in WidgetSet mode. Are you sure the type of the entry point added to your WServer is of type WidgetSet and not Application?
Your main should look similar to this:
int main(int argc, char **argv)
{
try {
Wt::WServer server(argc, argv, WTHTTP_CONFIGURATION);
server.addEntryPoint(Wt::EntryPointType::WidgetSet, createApplication);
server.run();
} catch (Wt::WServer::Exception& e) {
std::cerr << e.what() << std::endl;
} catch (std::exception &e) {
std::cerr << "exception: " << e.what() << std::endl;
}
}