X-Frame-Options Header
Overview
AS has io.jans.as.server.filter.HeadersFilter, which is responsible for attaching headers to server responses.
<filter-mapping>
<filter-name>HeadersFilter</filter-name>
<url-pattern />
</filter-mapping>
Configure X-Frame-Options Header
The X-Frame-Options HTTP response header can be used to indicate whether a browser should be allowed to render a page in a ,
There are two AS configuration properties related to X-Frame-Options:
xframeOptionsHeaderValue - sets the value of the X-Frame-Options header. Default value is SAMEORIGIN. Possible values are: SAMEORIGIN or DENY.
applyXFrameOptionsHeaderIfUriContainsAny - array of strings. If the incoming request URI contains any string from this array, AS attaches the X-Frame-Options header to the response.
By default, AS attaches the X-Frame-Options header to all responses where the request URI contains .htm. This means the header is attached for all AS pages.
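The following added example (not Janssen code) models the decision described above so a configuration can be checked before deployment: it validates the two properties and lists request URIs that would be served without the header. The sample configuration and URIs are constructed, and the case-sensitive substring match is an assumption based on the property name.

```python
# Added example: a model of the header decision described on this page.
# It is not the HeadersFilter implementation.
ALLOWED_VALUES = {"SAMEORIGIN", "DENY"}  # values listed on this page
DEFAULT_VALUE = "SAMEORIGIN"             # default stated on this page
DEFAULT_PATTERNS = [".htm"]              # default stated on this page

def validate_config(cfg):
    """Return a list of problems found in the two X-Frame-Options properties."""
    problems = []
    value = cfg.get("xframeOptionsHeaderValue", DEFAULT_VALUE)
    if value not in ALLOWED_VALUES:
        problems.append(f"xframeOptionsHeaderValue={value!r} is not SAMEORIGIN or DENY")
    patterns = cfg.get("applyXFrameOptionsHeaderIfUriContainsAny", DEFAULT_PATTERNS)
    if not isinstance(patterns, list) or not all(isinstance(p, str) for p in patterns):
        problems.append("applyXFrameOptionsHeaderIfUriContainsAny must be an array of strings")
    elif not patterns:
        problems.append("empty pattern array: no response would carry X-Frame-Options")
    return problems

def header_for(cfg, request_uri):
    """Return the X-Frame-Options value for request_uri, or None if not attached.

    Assumption: plain, case-sensitive substring match on the request URI.
    """
    patterns = cfg.get("applyXFrameOptionsHeaderIfUriContainsAny", DEFAULT_PATTERNS)
    if any(p in request_uri for p in patterns):
        return cfg.get("xframeOptionsHeaderValue", DEFAULT_VALUE)
    return None

def uncovered(cfg, uris):
    """URIs whose responses would be sent without X-Frame-Options."""
    return [u for u in uris if header_for(cfg, u) is None]

# Constructed sample configuration and request URIs (hypothetical paths).
SAMPLE_CONFIG = {
    "xframeOptionsHeaderValue": "DENY",
    "applyXFrameOptionsHeaderIfUriContainsAny": [".htm"],
}
SAMPLE_URIS = [
    "/jans-auth/authorize.htm?client_id=x",
    "/jans-auth/login.htm",
    "/jans-auth/restv1/token",
]

if __name__ == "__main__":
    print("problems:", validate_config(SAMPLE_CONFIG))
    for uri in SAMPLE_URIS:
        print(uri, "->", header_for(SAMPLE_CONFIG, uri))
    print("without header:", uncovered(SAMPLE_CONFIG, SAMPLE_URIS))
```

Any browser-rendered page that shows up in the "without header" list needs a matching string added to applyXFrameOptionsHeaderIfUriContainsAny.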
Last update: 2024-09-27
Created: 2024-08-14