How to set x-frame-options on response header

[Nathan Weinrich]

I need to set the x-frame-options on my partial responses.  I can not find how to do this anywhere.  All i find i how to set it in java or on the $http calls, but nothing on the partials i return to the browser.  Which are the once susceptible to clickjacking attacks.

thanks!

[Nathan Weinrich]

Here is the motivation for this.  https://www.owasp.org/index.php/ClickjackFilter_for_Java_EE

[Eric Eslinger]

This is the kind of thing that needs to be set on the server side, rather than on the client side, as I understand it. So it depends a lot on how you're serving up your angular partials and stuff.

--
You received this message because you are subscribed to the Google Groups "AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.

[Nathan Weinrich]

Thank you.  I am deploying to tomcat.  I tried the method suggested by owasp, of putting their class in my deploy and then putting the proper filter config in the web.xml, but it did not add the header when i inspected via chrome developer tools.

[Nathan Weinrich]

Got the server-side working.   The code bit from owasp was errant....and apparently has been since 2013.