Bug #8156
open
X-Frame-Option=SAMEORIGIN doesn't let my application be visualized inside iframe
0%
Description
I call a local server application inside an iFrame. I see an empty iframe box in the browser and the error: "Refused to display 'http://localhost:8080/hello' in a frame because it set 'X-Frame-Options' to 'sameorigin'."
To make it work I had to remove line "response.addHeader("X-Frame-Options", "SAMEORIGIN");" from "void WebRenderer::serveBootstrap(WebResponse& response)" method.
Is it a bug, or is there some workaround besides changing the code?
Updated by Korneel Dumon about 3 years ago
This is a security feature, you can use widgetset to embed an application in other pages (like in your other question).
Updated by Marco Kinski over 2 years ago
I would appreciate a setting for the WApplication instance which lets the developer of the app decide if it needs prevention from clickjacking or not.
I would then build two flavors of the app: one without access to security-related functionality but allowed to get embedded, and an unrestricted one that is not embeddable.
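Added example, not code from this thread or from Wt: one way the per-application setting discussed above could choose framing headers, where the embeddable flavor names its permitted parent pages through the Content-Security-Policy `frame-ancestors` directive instead of dropping the header altogether. `FramePolicy`, `FrameConfig`, `frameHeaders` and the origin `https://portal.example` are hypothetical names and values.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical per-application setting; not part of Wt's API.
enum class FramePolicy { Deny, SameOrigin, AllowListed };

struct FrameConfig {
    FramePolicy policy = FramePolicy::SameOrigin;  // safe default
    std::vector<std::string> allowedParents;       // origins allowed to embed
};

using Header = std::pair<std::string, std::string>;

// Accept only scheme://host[:port], so a configured value cannot inject
// additional CSP directives or header lines.
bool isPlainOrigin(const std::string& o) {
    std::string host;
    if (o.rfind("https://", 0) == 0) host = o.substr(8);
    else if (o.rfind("http://", 0) == 0) host = o.substr(7);
    if (host.empty()) return false;
    for (unsigned char c : host)
        if (!std::isalnum(c) && c != '.' && c != '-' && c != ':') return false;
    return true;
}

std::vector<Header> frameHeaders(const FrameConfig& cfg) {
    if (cfg.policy == FramePolicy::Deny)
        return {Header{"X-Frame-Options", "DENY"},
                Header{"Content-Security-Policy", "frame-ancestors 'none'"}};
    if (cfg.policy == FramePolicy::AllowListed) {
        std::string csp = "frame-ancestors";
        for (const auto& o : cfg.allowedParents)
            if (isPlainOrigin(o)) csp += " " + o;
        // X-Frame-Options has no widely supported allow-list form: send CSP only.
        if (csp != "frame-ancestors") return {Header{"Content-Security-Policy", csp}};
    }
    // SameOrigin, or an allow-list with no valid entry: fail closed.
    return {Header{"X-Frame-Options", "SAMEORIGIN"},
            Header{"Content-Security-Policy", "frame-ancestors 'self'"}};
}

int main() {
    FrameConfig embeddable;
    embeddable.policy = FramePolicy::AllowListed;
    embeddable.allowedParents = {"https://portal.example"};  // constructed sample origin
    for (const auto& h : frameHeaders(embeddable))
        std::cout << h.first << ": " << h.second << "\n";
}
```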