I'm trying to set X-frame-options to ALLOW-FROM uri. No success through HAC and local.properties/recipes

0 Kudos

I'm trying to set X-frame-options to ALLOW-FROM uri. No success through HAC and local.properties/recipes.

Is there a way to change it using backoffice, or is there anything else I can do to simply change that parameter?

Obs.: By the way, it all is required to allow Hybris Sales to perform single sign-on in Hybris Commerce.

geffchang
Active Contributor
0 Kudos

Yes Geff. It's set as below:

property 'xss.filter.header.X-Frame-Options', 'ALLOW-FROM https://my327274.crm.ondemand.com'

0 Kudos

The matter is that it seems I can't override platform properties. Unless I don't need to... I would need some advice on that.

geffchang
Active Contributor
0 Kudos

Did you put "xss.filter.header.X-Frame-Options=ALLOW-FROM https://my327274.crm.ondemand.com" in local.properties?

Accepted Solutions (1)

mpern
Employee
0 Kudos

Add the property to your local.properties and restart the server:

 xss.filter.header.X-Frame-Options=ALLOW-FROM https://somewhere.else.com

If this doesn't work (and it should, I've changed this property for countless projects) you have some other problem...

Are you 100% sure the out-of-the-box XSSFilter is the only thing that sets the X-Frame-Options header?
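
One way to check that last question, as an added example that is not part of the original answer or of the platform's code: a Python audit of a captured response that reports when more than one component sets X-Frame-Options, and that flags ALLOW-FROM, which current browsers ignore in favour of the CSP `frame-ancestors` directive. The hostname `sales.example.com`, the sample response and the finding names are constructed for illustration.

```python
# Added example: audit a captured HTTP response for framing headers (runs offline).
SAMPLE = (  # constructed response: two components each set X-Frame-Options
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Frame-Options: ALLOW-FROM https://sales.example.com\r\n"
    "\r\n<html></html>"
)

def parse_headers(raw):
    """Return (lower-cased name, value) pairs from the header block of a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_framing(raw, expected_origin):
    """List findings about which origins may frame this response."""
    headers = parse_headers(raw)
    xfo = [v for n, v in headers if n == "x-frame-options"]
    csp = [v for n, v in headers if n == "content-security-policy"]
    findings = []
    if not xfo:
        findings.append("xfo-missing")
    if len(xfo) > 1:  # a filter, web server or proxy also sets the header
        findings.append("xfo-set-more-than-once")
    if len({v.upper() for v in xfo}) > 1:
        findings.append("xfo-values-conflict")
    for value in xfo:
        if value.upper().startswith("ALLOW-FROM"):
            origin = value[len("ALLOW-FROM"):].strip().rstrip("/")
            if origin != expected_origin.rstrip("/"):
                findings.append("allow-from-origin-mismatch")
            # Current Chrome, Firefox and Safari ignore ALLOW-FROM entirely.
            findings.append("allow-from-ignored-by-current-browsers")
    ancestors = []
    for policy in csp:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                ancestors.extend(tokens[1:])
    if expected_origin not in ancestors:
        findings.append("no-csp-frame-ancestors-for-expected-origin")
    return findings

if __name__ == "__main__":
    print(audit_framing(SAMPLE, "https://sales.example.com"))
```

To audit a live system, save the raw response headers of a storefront page to a file and pass its contents as `raw`.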

0 Kudos

You are right, it seems we got confused due to working with multiple environments.

Have you ever used: ??

I believe I'll still need it to perform a mashup/single sign-on between Hybris Sales and Hybris Commerce, right?

mpern
Employee
0 Kudos

By the way, it all is required to allow Hybris Sales to perform single sign-on in Hybris Commerce.

If you use a mashup (= iframe), then yes, you need to fiddle with the X-Frame-Options header.

Or you just provide a link to Commerce in the Sales frontend, which spares you all the hassle (AFAIK, that's how it works OOTB). So the user has a link that opens the storefront and performs SSO for him/her automatically.

0 Kudos

Thank you Markus. Seems my comment got the extension name I was referring to removed. So let me complement my questions to finish my doubts.

Is it still necessary to implement the extension "samlsinglesignon" to be able to log into commerce from the sales interface?

mpern
Employee
0 Kudos

If you want to have true single sign on, yes.

Otherwise your users have to log in again in the storefront as an assisted service agent, and you will have to manually create all required accounts in commerce too.
