Hi Amalesh
You might also be interested by
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers
and
https://issues.apache.org/jira/browse/OFBIZ-6766
But please remember to rather use the user ML for such questions, see why here
http://ofbiz.apache.org/mailing-lists.html
You will get a better support and it's more fair to share with everybody
The wider the audience the better the answers you might get
Thanks
Jacques
Le 26/04/2017 à 06:09, Aditya Sharma a écrit :
Hi Amalesh,
You can also set it in web.xml file of your component as Apache Tomcat has
already provided the support for that.
Just add *HttpHeaderSecurityFilter* and then you can set these options as
param.
<filter>
<display-name>HttpHeaderSecurityFilter</display-name>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
Refer
https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html
Thanks & Regards,
Aditya Sharma
Enterprise Software Engineer
HotWax Systems Pvt. Ltd.
http://www.hotwaxsystems.com/
On Wed, Apr 12, 2017 at 4:53 PM, Deepak Dixit <
deepak.di...@hotwaxsystems.com> wrote:
Hi Amalesh,
If you want to render some specific view to iframe then you can set the
x-frame-options in view mapping as well.
Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
On Wed, Apr 12, 2017 at 4:30 PM, Shubham Agrawal <
shubham.agra...@hotwaxsystems.com> wrote:
Hii Amalesh,
X-Frame-Options is a security implementation which is inserted by the
server in response header. This response header avoids any browser to
render a page in HTML tags like <iframe>.
According to you, the X-Frame-Options is set to SameOrigin. For your case
to work, I think you can change it to ALLOW-FROM
https://website-name.com
To change the X-Frame-Options in OFBiz:
1) Traverse to this file
/framework/webapp/src/main/java/org/apache/ofbiz/webapp/
control/RequestHandler.java
2) Search for sameorigin.
3) Replace sameorigin with ALLOW-FROM https://website-name.com
P.S. - It is not allowed to follow such practice due to security
concerns.
You should look for some other way to fulfil your task. Using Iframe is
also not recommended as you are showing the content from the other
website
which makes it vulnerable to ClickJacking attacks.
*Thanks and Regards,*
*Shubham Agrawal*
*Enterprise Software Engineer*
*Hotwax Systems Pvt Ltd*
On Wed, Apr 12, 2017 at 3:45 PM, Taher Alkhateeb <
slidingfilame...@gmail.com
wrote:
Hi Amalesh,
What do you mean by "I imported running ofbiz in to my project through
Iframe"? I'm not sure I understand what you're referring to?
Cheers,
Taher Alkhateeb
On Wed, Apr 12, 2017 at 10:09 AM, amalesh paul <amalesh.p...@gmail.com
wrote:
Hello,
My name is Amalesh, I am using Apache ofbiz 16 version in my
project. For that I imported running ofbiz in to my project through
Iframe.
It is not working, when I debug the browser could not able to display
the
url because it set 'X-Frame-Options' to 'sameorigin'.
Now I want to remove the x-frame-options from ofbiz, how can
I
change the x-frame-options. Or else is there any other way to bring
the
ofbiz in to Iframe.
Please let me know the solution for the above problem.
Thank You.
--
*Warm Regards,*
*Amalesh.R*
*9677843593.*
