Load denied by X-Frame-Options

Post Reply
Posts: 8
Joined: 19 Feb 2018, 14:44

21 Mar 2018, 20:42


After I upgraded my project to this theme the iFrames no longer work, they are denied by the browser due to the X-Frame-Options.
They were working before and I have not changed my response headers.

When I try to change my response header to mitigate this issue as suggested on SO,
response.addHeader("X-Frame-Options", "SAMEORIGIN");
I end up with two x-frame-options and still not working
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Where does this X-Frame-Options come from in the California theme?

User avatar
Posts: 3531
Joined: 29 Jun 2013, 12:38

25 Apr 2018, 08:57

Could you please try it without California? Also, could you please check PF versions in California and your project(without California)?

Posts: 8
Joined: 19 Feb 2018, 14:44

16 Aug 2018, 16:51

Without Carlifonia theme the iframes work ok. They are use to display Jasper reports and the reports show correctly without Carlifonia Theme.
The PF version in the project before Carlifonia is 6.0, I'm using the same version in the project with Carlifonia Theme

Posts: 18053
Joined: 05 Jan 2009, 00:21
Location: Cybertron

28 Aug 2018, 20:58

I could not replicated, tried adding the following to california dashboard and it worked;

Code: Select all

<iframe width="560" height="315" src="https://www.youtube.com/embed/owsfdh4gxyc" frameborder="0" allowfullscreen></iframe>
Do you get an error message inside the iframe? Could it be the source of your frame?

Post Reply

Return to “California - PrimeFaces”

  • Information
  • Who is online

    Users browsing this forum: No registered users and 1 guest