I have CKEditor on my JSP and whenever I upload something, the following error pops out:
Refused to display 'http://localhost:8080/xxx/xxx/upload-image?CKEditor=text&CKEditorFuncNum=1&langCode=ru' in a frame because it set 'X-Frame-Options' to 'DENY'.
I have tried removing Spring Security and everything works like a charm. How can I disable this in the Spring Security XML file? What should I write between the <http> tags?
You can remove the HTTP header X-Frame-Options: SAMEORIGIN from WordPress by removing the send_frame_options_header function from the admin_init and login_init hooks.
```java
http
    .headers(headers -> headers
        .frameOptions(frameOptions -> frameOptions
            .sameOrigin()
        )
    )
```
This tells the browser that the page can only be displayed in a frame on the same origin as the page itself.
X-Frame-Options:DENY is a header that forbids a page from being displayed in a frame. If your server is configured to send this heading, your sign-on screen will not be allowed to load within the embed codes provided by Credo, which use the iframe HTML element.
By default X-Frame-Options is set to denied, to prevent clickjacking attacks. To override this, you can add the following to your Spring Security config:
```xml
<http>
    <headers>
        <frame-options policy="SAMEORIGIN"/>
    </headers>
</http>
```
Here are available options for policy
For more information take a look here.
And here to check how you can configure the headers using either XML or Java configs.
Note that you might also need to specify an appropriate strategy, based on your needs.
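To see why switching from DENY to SAMEORIGIN unblocks the CKEditor upload frame while cross-origin framing stays blocked, here is an added example (not part of the original answers) that models the browser's X-Frame-Options check as described in the HTML Standard. The editor page URL and the other.example origin are constructed, and CSP frame-ancestors, which takes precedence when present, is not modelled.

```javascript
// Added example: a model of the browser-side X-Frame-Options decision.
// Values the browser recognises; anything else is treated as invalid.
const KNOWN = new Set(["deny", "sameorigin", "allowall"]);

// Repeated headers arrive comma-joined; values are compared case-insensitively.
function parseXfo(headerValue) {
  if (headerValue == null) return new Set();
  return new Set(
    headerValue.split(",").map(v => v.trim().toLowerCase()).filter(v => v !== "")
  );
}

// targetUrl: the response being loaded into the frame.
// ancestorUrls: every document containing that frame, innermost first.
function frameAllowed(headerValue, targetUrl, ancestorUrls) {
  const values = parseXfo(headerValue);
  if (values.size === 0) return true;           // no header: no restriction
  if (values.size > 1) {
    // Conflicting values: blocked if any recognised value is among them.
    return ![...values].some(v => KNOWN.has(v));
  }
  const [policy] = values;
  if (policy === "deny") return false;          // never framed, even same-origin
  if (policy === "sameorigin") {
    // Scheme, host and port must match for the whole ancestor chain.
    const targetOrigin = new URL(targetUrl).origin;
    return ancestorUrls.every(a => new URL(a).origin === targetOrigin);
  }
  return true;                                  // unrecognised value: header ignored
}

// URL from the error message in the question.
const UPLOAD =
  "http://localhost:8080/xxx/xxx/upload-image?CKEditor=text&CKEditorFuncNum=1&langCode=ru";
// Constructed: the JSP page hosting the editor, and an unrelated site.
const EDITOR = "http://localhost:8080/xxx/editor.jsp";
const OTHER = "http://other.example/page";

for (const [header, chain] of [
  ["DENY", [EDITOR]],
  ["SAMEORIGIN", [EDITOR]],
  ["SAMEORIGIN", [OTHER]],
  ["SAMEORIGIN", [EDITOR, OTHER]],
]) {
  console.log(header, chain.join(" <- "), "=>", frameAllowed(header, UPLOAD, chain));
}
```

The last case shows that SAMEORIGIN also blocks the frame when a same-origin page is itself embedded by a different origin.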