Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Any official way to set X-Frame-Options header? #155

Open
wildone opened this issue Apr 12, 2023 · 6 comments
Open

Any official way to set X-Frame-Options header? #155

wildone opened this issue Apr 12, 2023 · 6 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@wildone
Copy link

wildone commented Apr 12, 2023

Is your feature request related to a problem? Please describe.
I would like to set X-Frame-Options header for all responses on CMS so that I can load CMS UI in an iFrame.

Describe the solution you'd like
Would like to configure an OSGI config with headers to send with all responses.

Describe alternatives you've considered
Running a proxy to do this. :(
@wildone wildone added the enhancement New feature or request label Apr 12, 2023
@michalcukierman
Copy link
Member

michalcukierman commented Apr 12, 2023
edited
Loading

Hey @wildone !

I think you can add a header to SlingMainServlet in the feature model. We use custom headers in www.ds.pl:

"configurations": {
...
   "org.apache.sling.engine.impl.SlingMainServlet":{
      "sling.additional.response.headers":[
        "X-Content-Type-Options=nosniff",
        "X-Frame-Options=SAMEORIGIN",
        "Cache-control=no-cache",
        "Strict-Transport-Security=max-age=31536000"
      ]
    },
...
}

@michalcukierman
Copy link
Member

michalcukierman commented Apr 12, 2023
edited
Loading

I guess we need to have a section in the documentation on how to work with the feature models / configurations. WDYT @paweljozwicki ?

@paweljozwicki
Copy link
Contributor

Totally agree.

@paweljozwicki paweljozwicki added the documentation Improvements or additions to documentation label Apr 12, 2023
@wildone
Copy link
Author

wildone commented Apr 14, 2023
edited
Loading

I guess we need to have a section in the documentation on how to work with the feature models / configurations. WDYT @paweljozwicki ?

There is sample config in the archetype already, I have been using it. I'll be able to use this, thanks!

Docs on how to update Editor UI in various places would be good, see #156.

Ive managed to build publishing processor for clientlibs, that was fun to figure out. :D Oh yeah I got clientlibs capability :D

@wildone wildone closed this as completed Apr 14, 2023
@wildone wildone reopened this Apr 14, 2023
@wildone
Copy link
Author

wildone commented Apr 14, 2023

should I keep this open? @paweljozwicki

@paweljozwicki
Copy link
Contributor

Yes, let's keep it open until we would prepare the documentation :)

@Rahul139-stack Rahul139-stack mentioned this issue May 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wildone @michalcukierman @paweljozwicki