Hi Amalesh, You can also set it in web.xml file of your component as Apache Tomcat has already provided the support for that.
Just add *HttpHeaderSecurityFilter* and then you can set these options as param. <filter> <display-name>HttpHeaderSecurityFilter</display-name> <filter-name>HttpHeaderSecurityFilter</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> </filter> Refer https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html Thanks & Regards, Aditya Sharma Enterprise Software Engineer HotWax Systems Pvt. Ltd. http://www.hotwaxsystems.com/ On Wed, Apr 12, 2017 at 4:53 PM, Deepak Dixit < deepak.di...@hotwaxsystems.com> wrote: > Hi Amalesh, > > If you want to render some specific view to iframe then you can set the > x-frame-options in view mapping as well. > > Thanks & Regards > -- > Deepak Dixit > www.hotwaxsystems.com > > On Wed, Apr 12, 2017 at 4:30 PM, Shubham Agrawal < > shubham.agra...@hotwaxsystems.com> wrote: > > > Hii Amalesh, > > > > X-Frame-Options is a security implementation which is inserted by the > > server in response header. This response header avoids any browser to > > render a page in HTML tags like <iframe>. > > > > According to you, the X-Frame-Options is set to SameOrigin. For your case > > to work, I think you can change it to ALLOW-FROM > https://website-name.com > > > > To change the X-Frame-Options in OFBiz: > > > > 1) Traverse to this file > > /framework/webapp/src/main/java/org/apache/ofbiz/webapp/ > > control/RequestHandler.java > > > > 2) Search for sameorigin. > > > > 3) Replace sameorigin with ALLOW-FROM https://website-name.com > > > > > > > > P.S. - It is not allowed to follow such practice due to security > concerns. > > You should look for some other way to fulfil your task. Using Iframe is > > also not recommended as you are showing the content from the other > website > > which makes it vulnerable to ClickJacking attacks. > > > > *Thanks and Regards,* > > *Shubham Agrawal* > > *Enterprise Software Engineer* > > *Hotwax Systems Pvt Ltd* > > > > On Wed, Apr 12, 2017 at 3:45 PM, Taher Alkhateeb < > > slidingfilame...@gmail.com > > > wrote: > > > > > Hi Amalesh, > > > > > > What do you mean by "I imported running ofbiz in to my project through > > > Iframe"? I'm not sure I understand what you're referring to? > > > > > > Cheers, > > > > > > Taher Alkhateeb > > > > > > On Wed, Apr 12, 2017 at 10:09 AM, amalesh paul <amalesh.p...@gmail.com > > > > > wrote: > > > > > > > Hello, > > > > My name is Amalesh, I am using Apache ofbiz 16 version in my > > > > project. For that I imported running ofbiz in to my project through > > > Iframe. > > > > It is not working, when I debug the browser could not able to display > > the > > > > url because it set 'X-Frame-Options' to 'sameorigin'. > > > > Now I want to remove the x-frame-options from ofbiz, how can > I > > > > change the x-frame-options. Or else is there any other way to bring > the > > > > ofbiz in to Iframe. > > > > Please let me know the solution for the above problem. > > > > > > > > Thank You. > > > > > > > > -- > > > > > > > > *Warm Regards,* > > > > *Amalesh.R* > > > > *9677843593.* > > > > > > > > > >