Reputation: 15
How and where to add the 'X-Frame-Options:DENY' to our web app service?
We are using Azure App Service (Linux-based), and the front end is built using Angular 13+.
How and where should we implement 'X-Frame-Options:DENY' to avoid seeing the clickjacking issue in our website scan?
Note: We are not using any middleware (our frontend communicates directly with the API) to add this option in web.config.
Upvotes: 0
Views: 628
Reputation: 8157
There's no direct way to set X-Frame-Options to Deny in Azure Web App.
According to this SO Thread answer by Jason Pan
As you are using Linux OS for your Angular Azure Web App, edit your .htaccess file as shown below.
Visit newui to edit your file in Kudu:
https://webappname.scm.azurewebsites.net/newui/fileManager#
```apache
<IfModule mod_headers.c>
Header always append X-Frame-Options "SAMEORIGIN"
</IfModule>
```
If you are using Windows OS for your Angular Azure Web App, edit your web.config with the lines below to set X-Frame-Options:
```xml
<system.webServer>
  <httpProtocol allowKeepAlive="true">
    <customHeaders>
      <!-- "*" is not a valid X-Frame-Options value; use DENY or SAMEORIGIN -->
      <add name="X-Frame-Options" value="DENY" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
```
Upvotes: 0
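A check for the deployed result, as an added example that is not part of the original question or answer: it classifies a response's anti-framing headers, accepting only `DENY` and `SAMEORIGIN` as X-Frame-Options values and letting an enforced CSP `frame-ancestors` directive take precedence. The function names and the sample responses are constructed for illustration.

```python
VALID = {"deny", "sameorigin"}   # the only X-Frame-Options values browsers honour

def parse_headers(raw):
    """Return {lowercase-name: [values]} from a raw HTTP header block."""
    headers = {}
    for line in raw.splitlines():
        if ":" not in line:                      # status line, blank line
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_protection(raw):
    """Verdict for clickjacking protection in a raw header block."""
    headers = parse_headers(raw)
    # An enforced CSP frame-ancestors directive overrides X-Frame-Options.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return "csp:" + " ".join(parts[1:]).lower()
    # Repeated headers and comma-separated values are merged into one set.
    values = {v.strip().lower()
              for item in headers.get("x-frame-options", [])
              for v in item.split(",") if v.strip()}
    if not values:
        return "missing"
    if len(values) > 1:
        # Typical after "Header append" on top of a header set elsewhere.
        return "conflict"
    value = next(iter(values))
    return value if value in VALID else "invalid"

# Constructed sample responses (not captured from a real site).
BASE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "deny": BASE + "X-Frame-Options: DENY\r\n\r\n",
    "star": BASE + 'X-Frame-Options: *\r\n\r\n',
    "appended": BASE + "X-Frame-Options: DENY, SAMEORIGIN\r\n\r\n",
    "none": BASE + "\r\n",
    "csp": BASE + "Content-Security-Policy: default-src 'self'; "
                  "frame-ancestors 'none'\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:9} -> {frame_protection(raw)}")
```

To check a live site, pass the output of `curl -sSI` for the page to `frame_protection`.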