Posted to users@wicket.apache.org by Oscar Besga Arcauz <ob...@isdefe.es> on 2012/12/12 12:34:12 UTC
[FYI] X-Frame-Options deny Header
Hi Wickers
In my Wicket app, I had another filter, prior to the Wicket app, that used to add headers to every request to the webapp.
One of these headers was X-Frame-Options with value deny, which prevents pages and elements from being used in an <iframe>; it's recommended for security reasons (XSS and CSRF).
In some forms, however, it blocked updates and inner-reloads (especially when a file upload was involved); it has been a little nightmare to find what was going on.
So I removed this header, setting it only in Wicket pages.
I hope you find it useful.
> > > Oscar Besga Arcauz < < <
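One way to set the header only on Wicket pages, as described in the post above. This is an added example, not code from the original message: the class name FrameGuardedPage and the frameOptions() hook are hypothetical, and it assumes the Wicket 1.5/6 API, where WebPage.setHeaders(WebResponse) is called when a full page is rendered.

```java
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.http.WebResponse;
import org.apache.wicket.request.mapper.parameter.PageParameters;

/**
 * Hypothetical base class: application pages extend this instead of WebPage,
 * so X-Frame-Options is sent with page renders rather than being added to
 * every response by a servlet filter in front of the Wicket filter.
 */
public abstract class FrameGuardedPage extends WebPage {
    private static final long serialVersionUID = 1L;

    protected FrameGuardedPage() {
        super();
    }

    protected FrameGuardedPage(PageParameters parameters) {
        super(parameters);
    }

    /**
     * Header value for this page. The default refuses all framing; a page
     * that the application itself must embed can override this to return
     * "SAMEORIGIN".
     */
    protected String frameOptions() {
        return "DENY";
    }

    @Override
    protected void setHeaders(WebResponse response) {
        // Keep Wicket's default page headers (caching is disabled there).
        super.setHeaders(response);
        response.setHeader("X-Frame-Options", frameOptions());
    }
}
```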