Hi,
I am trying to set X-frame-options headers.
I added the following in the appengine-web.xml
<include path="/**.html" >
<!-- Refer to clickjacking. QuickBooks security review email on Aug 28
2019 -->
<http-header name="X-FRAME-OPTIONS"
value="DENY SAMEORIGIN" />
<http-header name="Content-Security-Policy"
value="frame-ancestors 'none'" />
</include>
It is all fine, except for one case.
For example, if I am running local and type
http://localhost:8888 : Then the headers are not added to the response
However, http://localhost:8888/index.html, the headers are added to the
response
How can I add the headers in the response for the case '
http://localhost:8888'
--
Rajesh
*www.ServiceFolder.com <http://www.ServiceFolder.com>*
*Field Service Software on Google Cloud Platform and Mobile*
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-appengine+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/CA%2BS7ijb8TjmYxiQbhQBKL5A65b0ioekJW67%2BwcHbGrTh%2Bc19Pg%40mail.gmail.com.
