Bug #8156

closed

X-Frame-Option=SAMEORIGIN doesn't let my application be visualized inside iframe

Added by Alex Fedorov almost 4 years ago. Updated about 2 months ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Start date: 02/26/2021
Due date:
% Done: 0%
Estimated time:

Description

I call a local server application inside an iframe. I see an empty iframe box in the browser and the error: "Refused to display 'http://localhost:8080/hello' in a frame because it set 'X-Frame-Options' to 'sameorigin'."
To make it work I had to remove the line "response.addHeader("X-Frame-Options", "SAMEORIGIN");" from the "void WebRenderer::serveBootstrap(WebResponse& response)" method.
Is it a bug, or is there some workaround besides changing the code?


Files

hello.html (521 Bytes) Alex Fedorov, 02/26/2021 10:07 PM

Related issues 1 (1 open, 0 closed)

Related to Improvements #13187: Allow custom headers to be configured in the config file, Review, 11/06/2024

Actions #1

Updated by Korneel Dumon almost 4 years ago

This is a security feature, you can use widgetset to embed an application in other pages (like in your other question).
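
The check the browser applies in the report above, as an added example that is not part of the original thread or of the project's code: a simplified JavaScript model of X-Frame-Options evaluation (X-Frame-Options only, no Content-Security-Policy handling). The function names and the embedding URLs used with it are constructed for illustration.

```javascript
// Added example: simplified model of a browser's X-Frame-Options decision
// for a response loaded in an iframe. All names here are illustrative.

// Split the header value on commas, lowercase and de-duplicate the tokens.
function parseXfo(headerValue) {
  if (!headerValue) return [];
  return [...new Set(headerValue.split(",")
    .map((v) => v.trim().toLowerCase())
    .filter((v) => v.length > 0))];
}

// Opaque origins (e.g. a page opened from file://) serialize to "null"
// and are never same-origin with anything.
function sameOrigin(a, b) {
  return a !== "null" && b !== "null" && a === b;
}

// framedUrl:    URL loaded inside the iframe.
// xfoHeader:    raw X-Frame-Options value, or undefined if absent.
// ancestorUrls: URLs of every embedding document, direct parent first.
function mayBeFramed(framedUrl, xfoHeader, ancestorUrls) {
  const values = parseXfo(xfoHeader);
  const known = ["deny", "sameorigin", "allowall"];
  if (values.length === 0) return { allowed: true, reason: "no X-Frame-Options header" };
  if (values.length > 1) {
    // Conflicting recognised values fail closed.
    return values.some((v) => known.includes(v))
      ? { allowed: false, reason: "conflicting X-Frame-Options values" }
      : { allowed: true, reason: "unrecognised values ignored" };
  }
  if (values[0] === "deny") return { allowed: false, reason: "deny" };
  if (values[0] === "sameorigin") {
    const target = new URL(framedUrl).origin;
    // Every ancestor must match, not just the direct parent.
    for (const ancestor of ancestorUrls) {
      if (!sameOrigin(new URL(ancestor).origin, target)) {
        return { allowed: false, reason: `ancestor ${ancestor} is cross-origin` };
      }
    }
    return { allowed: true, reason: "all ancestors same-origin" };
  }
  return { allowed: true, reason: "unrecognised value ignored" };
}
```

With `SAMEORIGIN`, an embedding page served from a different port on localhost or opened directly from disk counts as cross-origin, so the frame is refused.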

Actions #2

Updated by Marco Kinski about 3 years ago

I would appreciate a setting for the WApplication instance which lets the developer of the app decide if it needs prevention from clickjacking or not.

I then would build two flavors of the app. One without access to security related functionality but allowed to get embedded, and an unrestricted, not embeddable one.

Actions #3

Updated by Matthias Van Ceulebroeck about 2 months ago

  • Related to Improvements #13187: Allow custom headers to be configured in the config file added

Actions #4

Updated by Matthias Van Ceulebroeck about 2 months ago

  • Status changed from New to Rejected

This is being closed, since it is tracked by a previous entry: #6584
