-
1. Re: X-Frame-Options & Clickjacking
ctomc Feb 5, 2015 1:41 PM (in response to christopher.halbersma)that would be undertow subsystem.
you need to add custom header to response, see how currently custom headers are added for Server & X-powered-by
-
2. Re: X-Frame-Options & Clickjacking
christopher.halbersma Feb 5, 2015 3:08 PM (in response to ctomc)Tomaz,
Can you point me in the right direction? Based on the Undertow Documentation it looks like I want to set a Header Handler. Would that be something that would get controlled in the code of the application or can I set that somewhere in my .xml settings file?
-
3. Re: X-Frame-Options & Clickjacking
mustafasayem Feb 2, 2018 12:38 PM (in response to christopher.halbersma)why does all the response for wildfly related questions are so vague? Tomaz Cerar, if you know the answer, could you please be more specific on your answer? Yes, we know wildfly has something great called undertow subsystem.
-
4. Re: X-Frame-Options & Clickjacking
vabara Apr 12, 2018 6:24 PM (in response to christopher.halbersma)<subsystem xmlns="urn:jboss:domain:undertow:1.2">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="999999999"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="xFrameOptions"/>
</host>
</server>
....
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="xFrameOptions" header-name="X-Frame-Options" header-value="SAMEORIGIN"/>
</filters>
</subsystem>