on 10-22-2018 4:49 PM
I'm trying to set X-frame-options to ALLOW-FROM uri. No success through HAC and local.properties/recipes.
Is there a way to change it using backoffice or is there anything else I can do it to simply change that parameter?
Obs.:By the way, it all is required to allow Hybris Sales to perform singlesigon in Hybris Commerce.
Add the property to your local.properties
and restart the server:
xss.filter.header.X-Frame-Options=ALLOW-FROM https://somewhere.else.com
If this doesn't work (and it should, I've changed this property for countless projects) you have some other problem...
Are you 100% sure the out-of-the-box XSSFilter
is the only thing that sets the X-Frame-Options
header?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
By the way, it all is required to allow Hybris Sales to perform singlesigon in Hybris Commerce.
If you use a mashup (= iframe), then yes, you need to fiddle with the X-Frame-Options
header.
Or you just provide a link to Commerce in the Sales frontend, which spares you all the hassle (AFAIK, that's how works OOTB). So the user has a link that opens the storefront and performs SSO for him/her automatically
User | Count |
---|---|
6 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.