Krone Torres

Reputation: 109

Unset a tomcat response header

How can I unset a header on Apache Tomcat? I have a third-party app on my Tomcat server that responds to some requests using "X-Frame-Options: deny". Can I somehow unset that header?

Note that using HttpHeaderSecurityFilter I was able to override the header, using ALLOW-FROM, but that doesn't work on Chrome.

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
      <param-name>antiClickJackingEnabled</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>antiClickJackingOption</param-name>
      <param-value>ALLOW-FROM</param-value>
    </init-param>
    <init-param>
      <param-name>antiClickJackingUri</param-name>
      <param-value>http://myothersite/</param-value>
    </init-param>
</filter>

Upvotes: 2

Views: 3594

Answers (1)

Kohei TAMURA

Reputation: 5122

If antiClickJackingEnabled is false, Tomcat does not add the header "X-Frame-Options: deny" to responses.

<init-param>
  <param-name>antiClickJackingEnabled</param-name>
  <param-value>false</param-value>
</init-param>

If it fails only on Chrome, you may have to clear the cache in Chrome.

Upvotes: 1
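An added example, not part of the original question or answer: when the header comes from the third-party app rather than from HttpHeaderSecurityFilter, a servlet filter can drop it and send `Content-Security-Policy: frame-ancestors` instead, which is the mechanism Chrome honors in place of `ALLOW-FROM`. The class name, package and `allowedOrigin` init-param are hypothetical, and the code assumes the `javax.servlet` API (Tomcat 9 or earlier; Tomcat 10+ uses `jakarta.servlet`).

```java
package example; // hypothetical package name

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Replaces the app's X-Frame-Options with a frame-ancestors policy for one trusted origin. */
public class FrameAncestorsFilter implements Filter {
    // Hypothetical init-param: the single origin allowed to frame the app.
    private String allowedOrigin;

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        allowedOrigin = cfg.getInitParameter("allowedOrigin");
        // Accept only scheme://host[:port] so a bad value cannot inject extra CSP directives.
        if (allowedOrigin == null
                || !allowedOrigin.matches("https?://[A-Za-z0-9.-]+(:\\d+)?")) {
            throw new ServletException("allowedOrigin must be a single scheme://host[:port]");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        // Set the replacement policy first, before the app can commit the response.
        // An app that sets its own Content-Security-Policy later will overwrite this value.
        http.setHeader("Content-Security-Policy", "frame-ancestors 'self' " + allowedOrigin);
        // Hand the app a wrapper that silently drops any attempt to write X-Frame-Options.
        chain.doFilter(req, new HttpServletResponseWrapper(http) {
            private boolean blocked(String name) {
                return "X-Frame-Options".equalsIgnoreCase(name);
            }
            @Override public void setHeader(String name, String value) {
                if (!blocked(name)) super.setHeader(name, value);
            }
            @Override public void addHeader(String name, String value) {
                if (!blocked(name)) super.addHeader(name, value);
            }
        });
    }

    @Override
    public void destroy() { }
}
```

The filter only takes effect if its `filter-mapping` in web.xml is declared ahead of whatever component writes the header, so that component receives the wrapped response.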
