X-Frame-Options: SAMEORIGIN header remove from LIFT

Nicola Contu

Jun 10, 2015, 8:20:23 AM
to lif...@googlegroups.com
Hello,
We would like to have an iframe showing the content of one page of our website, in another domain.
This is currently not working because (I guess) LIFT sets this parameter in the header: X-Frame-Options: SAMEORIGIN

We followed the instructions for cross-origin resource sharing: https://www.assembla.com/spaces/liftweb/wiki/Cross_Origin_Resource_Sharing but it is still not working because of the SAMEORIGIN param.

Is there any way to remove this from the header from the boot file?

Our stack is as follows:
  • Scala 2.10
  • Lift 2.6
  • Jetty 8
  • Nginx that forwards to Jetty


My guess is that it is Lift adding this header.


Can you help?


Thanks a lot and regards,

Nicola

Antonio Salazar Cardozo

Jun 10, 2015, 11:07:06 AM
to lif...@googlegroups.com, nicola...@gmail.com
If you replace rather than add to the headers returned by supplementalHeaders,
that header will be gone.

That said, I don't see how the X-Frame-Options header, which is meant to control
whether a browser can embed your site inside another site via frame, is affecting
your CORS request. It shouldn't be, from what I can tell.

What leads you to conclude it's the X-Frame-Options header that's breaking things?
Thanks,
Antonio