anjingjing
(Jingjing An)
August 24, 2020, 2:03am
#1
Hi,
While trying to embed CUBA with IDP into a web frame, the browser prevented that, as “X-Frame-Options:DENY” is set for IDP pages.
I tried to modify the settings in Tomcat conf/web.xml, but it does not work.
I tried to modify it in Spring Security, but the IDP login pages are in the web module, and I don’t know how to change the Spring Security settings in the web module.
Could you help, please?
shalyganov
(Gleb Shalyganov)
August 24, 2020, 9:39am
#3
Hi, @anjingjing
You can try overriding idp configuration in your application by doing the following steps:

1. Create the idp-dispatcher-spring.xml in the web-module. Copy and paste the content of the file with the same name from the IDP addon.
2. Specify the explicit X-Frame-Options by adding this code to your configuration:

       <security:http pattern="/**"
                      create-session="stateless"
                      xmlns="http://www.springframework.org/schema/security">
           ...
           <!--start-->
           <headers>
               <frame-options policy="SAMEORIGIN"/>
           </headers>
           <!--end-->
       </security:http>

3. In the web-app.properties set the property pointing to the idp configuration file:

       cuba.idpSpringContextConfig = com/sample/.../idp-dispatcher-spring.xml

Regards,
Gleb
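
An added example, not part of the thread or of CUBA's code: a Python check of how a browser treats the X-Frame-Options values discussed above, showing that SAMEORIGIN lifts the block only when the embedding page shares the IDP page's origin. It follows the HTML standard's X-Frame-Options check simplified to one parent frame, assumes the response has no CSP frame-ancestors directive, and uses constructed placeholder URLs.

```python
from urllib.parse import urlsplit

def origin(url):
    """Return the (scheme, host, port) origin tuple of a URL."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, parts.port or default)

def framing_allowed(xfo_values, page_url, parent_url):
    """Decide whether a browser would render page_url inside a frame on parent_url.

    xfo_values: raw X-Frame-Options header values (one entry per header line).
    Assumption: single parent frame, no CSP frame-ancestors on the response
    (a frame-ancestors directive would take precedence over this header).
    """
    # Split comma-separated values, trim, lowercase, de-duplicate.
    tokens = {t.strip().lower() for v in xfo_values for t in v.split(",") if t.strip()}
    if not tokens:
        return True  # no header: framing is not restricted
    known = {"deny", "sameorigin", "allowall"}
    if len(tokens) > 1:
        # Conflicting values block framing if any of them is a known keyword.
        return not (tokens & known)
    (value,) = tokens
    if value == "deny":
        return False
    if value == "sameorigin":
        return origin(page_url) == origin(parent_url)
    return True  # unknown or obsolete value (e.g. ALLOW-FROM) is ignored

# Constructed sample URLs; hosts and paths are placeholders, not from the thread.
IDP = "https://app.example.test/app/idp/"
SAME = "https://app.example.test/portal/"
OTHER = "https://intranet.example.test/home"

if __name__ == "__main__":
    cases = [("default (DENY)", ["DENY"]), ("override (SAMEORIGIN)", ["SAMEORIGIN"])]
    for label, xfo in cases:
        for parent in (SAME, OTHER):
            verdict = "rendered" if framing_allowed(xfo, IDP, parent) else "blocked"
            print(f"{label:22} framed by {parent:36} -> {verdict}")
```
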