CODEWITHSUNDEEP
node.jsangularhttp-headersx-frame-options
DEV1205
DEV1205

Reputation: 372

Set X-frame-options to SAMEORIGIN in angular 6 to block site in iframe tag

I want to block my site in the <iframe> tag. On research I found that to do so, I need to set the header as 'x-frame-options' to 'SAMEORIGIN'.

Tried setting the meta tag as

  <meta http-equiv="X-Frame-Options" content="deny">

But this method is outdated since April 2016.

When I am trying to search it is giving me the result for httpClient. But I want the same when Someone hit my url through .

Do I need to set the header through node or need to do some changes in angular.json

My site is working on node server with URL http://localhost:4200/.

Upvotes: 1

Views: 34426

Answers (2)

Satish Patro
Satish Patro

Reputation: 4394

If you are using any webserver like Nginx, Apache HTTP Server

example for how to use in Nginx

add_header X-Frame-Options "SAMEORIGIN";

in global scope, or location scope. Better to do in location scope. Because, as soon as you add some header in location scope, the global scope will not reflect

Additional

You can take care of more things using the header like cross-site scripting

add_header X-XSS-Protection "1; mode=block";

Even though nowadays browsers are helping to reduce cross-site scripting. More detail description in here

Upvotes: 2

jasie
jasie

Reputation: 2444

You cannot do it on angular side, only on server side.

I think you can use this npm package:

https://www.npmjs.com/package/x-frame-options

Upvotes: 3

Related Questions