-
Notifications
You must be signed in to change notification settings - Fork 17
X Frame Options
Mark Reeves edited this page Jan 4, 2018
·
5 revisions
WComponents sets the HTTP Header X-Frame-Options to the value SAMEORIGIN. This is to alleviate the potential for clickjacking. This header is set in the method com.github.bordertech.wcomponents.servlet.HttpServletHelper.addGenericHeaders(UIContext, WComponent) (addGenericHeaders).
If you have a need to change this header (to DENY, ALLOW-FROM or to remove it) then this method can be overridden. This could be done, for example in an implementation of WServlet.