Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how do I set X-Frame-Options response header to allow-from value(s) using spring java config?

Tags:

http-headers

x-frame-options

spring-security

spring-java-config

How do I set X-Frame-Options response header with a value of allow-from using spring java config?

http.headers().disable()
    .addHeaderWriter(new XFrameOptionsHeaderWriter(
      new WhiteListedAllowFromStrategy(
        Arrays.asList("https://example1.com", "https://example2.com"))));

In Http Response headers I get:

X-Frame-Options:"ALLOW-FROM DENY".

Why aren't my origins listed in the header value?

like image 626
Kamal Joshi Avatar asked Oct 01 '15 21:10

Kamal Joshi

People also ask

How do you include X-frame-Options header in the HTTP response?

Double-click the HTTP Response Headers icon in the feature list in the middle. In the Actions pane on the right side, click Add. In the dialog box that appears, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field. Click OK to save your changes.

How do I set X-frame-options to allow all?

Allowing all domains is the default. Don't set the X-Frame-Options header at all if you want that. Note that the successor to X-Frame-Options — CSP's frame-ancestors directive — accepts a list of allowed origins so you can easily allow some origins instead of none, one or all. ALLOWALL is the default value.

What is HTTP headers () frameOptions ()?

http .headers(headers -> headers .frameOptions(frameOptions -> frameOptions .sameOrigin() ) ) This tells the browser that the page can only be displayed in a frame on the same origin as the page itself.

1 Answers

I ended up adding my headers statically like below:

http
    .headers().frameOptions().disable()
    .addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "ALLOW-FROM example1.com"));
like image 63
Kamal Joshi Avatar answered Sep 16 '22 12:09

Kamal Joshi
Sign in to Comment

Related questions

How to programatically return a json response after executing a custom filter UsernamePasswordAuthenticationFilter?
Configure Spring Security to return 403 for REST URLs and redirect to login for other URLs
Why doesn't my custom login page show with Spring Security 4?
Multi-user restful api using spring boot, jpa and security
Securing a Spring Data RepositoryRestResource (CrudRepository) over HTTP, but not internally
Spring boot security consider case insensitive username check for login
Spring Keycloak adapter Permissions Policy Enforcer. How to set it up
Use Spring Properties in Java with CrossOrigin Annotation or in Spring-Config XML
Spring Security with Spring Boot: Mix Basic Authentication with JWT token authentication [duplicate]
Encoded Precent(%25) with Spring RequestMapping path param gives HTTP 400
Implementing Hierarchical Roles in Spring Security
SpelEvaluationException: EL1007E:(pos 43): Field or property 'group' cannot be found on null
Spring Security Java Config - custom AuthenticationProvider and UserDetailsService
Different csrf token per request in Spring security
Missing client_id when accessing token with linkedIn
How to extract authentication token in @Controller
SpringBoot - Error parsing HTTP request header (Oauth2 https endpoints)
Spring-Boot @PreAuthorize allow operation only for admin or if the authenticated user id is same as path parameter id
Could someone explain Spring Security BasePermission.Create?
Howto implement Spring Security User/Authorities with Hibernate/JPA2?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!