Questions tagged [x-frame-options]
9 questions
7
votes
2 answers
How can the x-frame-options HTTP header of ADFS 3 be manipulated?
By default, ADFS 3 responses contain the "X-Frame-Options: DENY" HTTP header. This prevents ADFS from being run in an iframe, because this presents an opportunity for clickjacking attacks.
At the moment my company is however implementing an…
wkampmann
- 71
- 1
- 5
4
votes
2 answers
Apache 2.4: Header unset in does not work
We are running apache 2.4 in order to serve our typo3 generated websites.
In general we want to have the
X-Frame-Options SAMEORIGIN Header present for all requests.
With one exception. For a specific URL this Header should be unset, since it has to…
Tobias Wolf
- 71
- 1
- 4
4
votes
2 answers
X-Frame Options
I am struggling with the X-Frame-Options. I have a HTML page and want to include (with an iframe) another HTML page. The first warning said:
Refused to display ../map.html in a frame because it set 'X-Frame-Options' to 'DENY'.
I tried this: …
Lonneke
- 61
- 1
- 1
- 4
3
votes
1 answer
Disabling X-FRAME-OPTIONS in SharePoint
I'm trying to display an Excel document from SharePoint2010 Excel Services in an iframe. But I'm getting an error due to the x-frame-options header. I have access to the to SharePoint server and all online searches tell me to go to IIS Manager ->…
nthpixel
- 153
- 1
- 7
2
votes
2 answers
How can I add X-Frame-Options selectively using Apache?
I am planning to set X-Frame-Options SAMEORIGIN in my server's httpd.conf as part of improving the defenses against click jacking. I understand this will add the X-Frame-Options header to all pages. There is a "widget" page that I would like to…
Manoj Govindan
- 123
- 1
- 1
- 4
1
vote
1 answer
Is it safe to use the X-Frame-Options Allow-From directive
I've been trying to find the answer to this but haven't been able to find anything definitive. For X-Frame-Options, it seems there is only limited support for the 'Allow-From' option which allows you to whitelist a URL which can embed your site in…
jawilson
- 111
- 2
1
vote
1 answer
Nginx X-Frame Options, Iframe Wordpress
Using Wordpress on Nginx.
I am receiving these errors but I can't seem to find out where in my Nginx options I have specified this 'DENY' header.
Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when…
JoaMika
- 499
- 2
- 9
- 21
0
votes
1 answer
Disabling X-FRAME-OPTION: SAMEORIGIN HTTP Response Header on SharePoint/PowerPivot xlsviewer.aspx
I need to frame a page being served by SharePoint 2010's xlsviewer.aspx but this page is setting the HTTP response header X-FRAME-OPTION to SAMEORIGIN, so IE8 refuses to render the page in a frame on another domain, which is what I need.
It appears…
Daniel Coffman
- 103
- 1
- 5
0
votes
0 answers
HTTP/1.1 500 ERROR in Apache Tomcat 9.0.31
We're really looking forward to your advice on this topic.
This issue we face in an application, using Apache Tomcat release 9.0.31.
The HTTP/1.1 500 error message, we never saw it with Apache Tomcat release 9.0.22 (which we had before).
From a…
Justin
- 1