Regarding X-Frame Option directive set to deny


PUSHPENDRA PANDEY

Apr 5, 2023, 7:47:01 AM
to DSpace Community
Dear Team,
We have to show the bitstream content in a frame, but an error shows: "x-frame option directive set to deny".
I observed that it is the DSpace content security policy. How do I customize that?

Nurminen, Miika

Jan 13, 2025, 5:31:50 AM
to pushp...@gmail.com, dspace-c...@googlegroups.com
Hello,

this has probably already been resolved, but for reference, the
X-Frame-Options issue is related to Spring Security policy:

https://docs.spring.io/spring-security/site/docs/4.1.0.RELEASE/reference/html/headers.html

If your application is running in the same domain, the issue can be
worked around by changing the corresponding code generating the header in
DSpace
(dspace-server-webapp\src\main\java\org\dspace\app\rest\security\WebSecurityConfiguration.java)
to SAMEORIGIN, e.g. add

.and().headers().frameOptions().sameOrigin()

to the configure method (e.g.
https://github.com/DSpace/DSpace/blob/dspace-7_x/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/WebSecurityConfiguration.java#L114
).

Additional note: the X-Frame-Options header itself seems to be deprecated

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

so it should be replaced with a comprehensive Content Security Policy
header in the future.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://www.baeldung.com/spring-security-csp


Best regards,
Miika Nurminen
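
To check what a header change like the one discussed above means for a browser, here is an added example (not code from this thread or from DSpace) that decides whether one direct parent page may frame a resource, given the resource's response headers. The URLs are constructed samples; it assumes a single Content-Security-Policy header and supports only 'self', 'none', * and scheme://host[:port] sources.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample URLs (not taken from a real deployment).
RESOURCE = "https://repo.example.org/bitstreams/1/content"
SAME = "https://repo.example.org/items/1"
OTHER = "https://portal.example.net/embed"

def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)

def frame_ancestors(csp):
    """Return the frame-ancestors source list of one policy, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def source_matches(source, resource, parent):
    """Simplified matching: 'self', '*', and scheme://host[:port] sources only."""
    if source == "'self'":
        return origin(resource) == origin(parent)
    if source == "*":
        return True
    # 'none' and unsupported source forms fall through to "no match".
    return "://" in source and origin(source) == origin(parent)

def framing_allowed(headers, resource, parent):
    """Decide whether `parent` may frame `resource`, given its response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present, X-Frame-Options is ignored.
        # An empty source list or 'none' matches nothing.
        return any(source_matches(s, resource, parent) for s in sources)
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False
    if xfo == "sameorigin":
        return origin(resource) == origin(parent)
    return True  # header absent or unrecognized: no framing restriction
```

Browsers apply the same test to every ancestor frame, not only the direct parent, so a nested embed needs each level checked.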