CODEWITHSUNDEEP
htmlwildfly
Danyal Sandeelo
Danyal Sandeelo

Reputation: 12391

X-Frame-Options: ALLOW-FROM a particular domain in wildfly

I have an application that's deployed on wildfly on a centos server.

I have two other applications that access a page of my application using iframe. What I access that I page, that's all I see in console:

1 Refused to display 'APP_URL' in a frame because it set 'X-Frame-Options' to 'deny'.

I know the reason behind this all and I want to allow my wildfly web-server to allow it from my 2 domains like this

X-Frame-Options: ALLOW-FROM https://example.com/

where can I configure this setting in wildfly? I know about apache server, it's done in httpd.conf file but I want to do this in wildfly.

Upvotes: 1

Views: 6563

Answers (1)

Kamal KatturSubramaniam
Kamal KatturSubramaniam

Reputation: 21

I've configured the "SAMEORIGIN" option in wildlfy once. I suppose the "ALLOW-FROM" should be pretty similar.

You need to make this change in the undertow subsystem of Standalone.xml.

You should find the below settings in your xml.

<subsystem xmlns="urn:jboss:domain:undertow:1.0">
    <buffer-caches>
        <buffer-cache name="default" buffer-size="1024"
            buffers-per-region="1024" max-regions="10" />
    </buffer-caches>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" />
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content" />
        </host>
        **<filter-ref name="xFrameOptions" />**
    </server>
    <servlet-container name="default"
        default-buffer-cache="default" stack-trace-on-error="local-only">
        <jsp-config />
        <persistent-sessions />
    </servlet-container>
    <handlers>
        <file name="welcome-content"
            path="${jboss.home.dir}/welcome-content" directory-listing="true" />
    </handlers>
    **<filters>
        <response-header name="xFrameOptions"
            header-name="X-Frame-Options"
            header-value="allow-from https://example.com/" />
    </filters>**
</subsystem>

Make sure, you add the filter-reference and then use the reference to add the X-Frame-Options for response-header.

You can do this by manually editing the standalone.xml or by using jboss-cli.

Thanks, Kamal

Upvotes: 2

Related Questions