I've created a Java Web Application which is hosted by Glassfish Sever 4.1. In the Web Application there is a page which is having an IFrame which redirects to a specific CRM website. While redirecting I'm getting;
Refused to display 'https://xxxxxxxx.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
How to get rid of this issue?
By following lot of examples online, I've tried with creating a servlet and using filter [ContainerResponseFilter] to set following headers;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("X-Frame-Options", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
response.setHeader("Content-Security-Policy", "frame-ancestors none");
But as I understand servlet offers REST resources, not the hosted application. It has to be maintained by Server itself. But in Glassfish Administration Console, there is no such options to enable or disable "X-Frame-Options".
