Hi Amalesh,
You can also set it in web.xml file of your component as Apache Tomcat has
already provided the support for that.
Just add *HttpHeaderSecurityFilter* and then you can set these options as
param.
<filter>
<display-name>HttpHeaderSecurityFilter</display-name>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
Refer
https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html
Thanks & Regards,
Aditya Sharma
Enterprise Software Engineer
HotWax Systems Pvt. Ltd.
http://www.hotwaxsystems.com/
On Wed, Apr 12, 2017 at 4:53 PM, Deepak Dixit <
deepak.di...@hotwaxsystems.com> wrote:
> Hi Amalesh,
>
> If you want to render some specific view to iframe then you can set the
> x-frame-options in view mapping as well.
>
> Thanks & Regards
> --
> Deepak Dixit
> www.hotwaxsystems.com
>
> On Wed, Apr 12, 2017 at 4:30 PM, Shubham Agrawal <
> shubham.agra...@hotwaxsystems.com> wrote:
>
> > Hii Amalesh,
> >
> > X-Frame-Options is a security implementation which is inserted by the
> > server in response header. This response header avoids any browser to
> > render a page in HTML tags like <iframe>.
> >
> > According to you, the X-Frame-Options is set to SameOrigin. For your case
> > to work, I think you can change it to ALLOW-FROM
> https://website-name.com
> >
> > To change the X-Frame-Options in OFBiz:
> >
> > 1) Traverse to this file
> > /framework/webapp/src/main/java/org/apache/ofbiz/webapp/
> > control/RequestHandler.java
> >
> > 2) Search for sameorigin.
> >
> > 3) Replace sameorigin with ALLOW-FROM https://website-name.com
> >
> >
> >
> > P.S. - It is not allowed to follow such practice due to security
> concerns.
> > You should look for some other way to fulfil your task. Using Iframe is
> > also not recommended as you are showing the content from the other
> website
> > which makes it vulnerable to ClickJacking attacks.
> >
> > *Thanks and Regards,*
> > *Shubham Agrawal*
> > *Enterprise Software Engineer*
> > *Hotwax Systems Pvt Ltd*
> >
> > On Wed, Apr 12, 2017 at 3:45 PM, Taher Alkhateeb <
> > slidingfilame...@gmail.com
> > > wrote:
> >
> > > Hi Amalesh,
> > >
> > > What do you mean by "I imported running ofbiz in to my project through
> > > Iframe"? I'm not sure I understand what you're referring to?
> > >
> > > Cheers,
> > >
> > > Taher Alkhateeb
> > >
> > > On Wed, Apr 12, 2017 at 10:09 AM, amalesh paul <amalesh.p...@gmail.com
> >
> > > wrote:
> > >
> > > > Hello,
> > > > My name is Amalesh, I am using Apache ofbiz 16 version in my
> > > > project. For that I imported running ofbiz in to my project through
> > > Iframe.
> > > > It is not working, when I debug the browser could not able to display
> > the
> > > > url because it set 'X-Frame-Options' to 'sameorigin'.
> > > > Now I want to remove the x-frame-options from ofbiz, how can
> I
> > > > change the x-frame-options. Or else is there any other way to bring
> the
> > > > ofbiz in to Iframe.
> > > > Please let me know the solution for the above problem.
> > > >
> > > > Thank You.
> > > >
> > > > --
> > > >
> > > > *Warm Regards,*
> > > > *Amalesh.R*
> > > > *9677843593.*
> > > >
> > >
> >
>
