How to modify X-Frame-Options value for idp pages?

While tring to embed cuba with idp into webframe, browser prevented that as “X-Frame-Options:DENY” set for idp pages.

I tried to modify settings in tomcat conf/web.xml, but it does not work.

I tried to modify in spring security, but idp login pages are in web module, I don’t know how to change spring security settings in web module.

Could you help, please?


HI, @anjingjing

You can try overriding idp configuration in your application by doing the following steps:

  1. Create the idp-dispatcher-spring.xml in the web-module. Copy and paste the content of the file with the same name from the IDP addon.
  2. Specify the explicit X-Frame-Options by adding this code to your configuration:
    <security:http pattern="/**"


            <frame-options policy="SAMEORIGIN"/>
  1. In the set the property pointing to the idp configuration file: cuba.idpSpringContextConfig = com/sample/.../idp-dispatcher-spring.xml


Thanks Gleb, it works :smiley: