Prime Community Forum


https://forum.primefaces.org/

Load denied by X-Frame-Options

https://forum.primefaces.org/viewtopic.php?f=79&t=55024

Page 1 of 1

Load denied by X-Frame-Options

Posted: 21 Mar 2018, 20:42
by nbs
Hi,

After I upgraded my project to this theme the iFrames no longer work, they are denied by the browser due to the X-Frame-Options.
They were working before and I have not changed my response headers.

When I try to change my response header to mitigate this issue as suggested on SO,
response.addHeader("X-Frame-Options", "SAMEORIGIN");
I end up with two x-frame-options and still not working
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Where does this X-Frame-Options come from in the California theme?

Re: Load denied by X-Frame-Options

Posted: 25 Apr 2018, 08:57
by mert.sincan
Could you please try it without California? Also, could you please check PF versions in California and your project(without California)?

Re: Load denied by X-Frame-Options

Posted: 16 Aug 2018, 16:51
by nbs
Without Carlifonia theme the iframes work ok. They are use to display Jasper reports and the reports show correctly without Carlifonia Theme.
The PF version in the project before Carlifonia is 6.0, I'm using the same version in the project with Carlifonia Theme

Re: Load denied by X-Frame-Options

Posted: 28 Aug 2018, 20:58
by cagatay.civici
I could not replicated, tried adding the following to california dashboard and it worked;

Code: Select all

<iframe width="560" height="315" src="https://www.youtube.com/embed/owsfdh4gxyc" frameborder="0" allowfullscreen></iframe>
Do you get an error message inside the iframe? Could it be the source of your frame?
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/