Hi Wickers
In my Wicket app, I had another filter, prior to wicket app, that used to add headers to every request to the webapp. One of this headers was X-Frame-Options with value deny, which prevents pages and elements to be used into an <iframe>; its recommended for security reasons (XSS and CSRF ) In some forms, however, it blocked updates and inner-reloads (specially when a file upload was involved); it has been a little knigthmare to find what was going on. So I removed this header, setting it only in wicket pages I hope you find it useful. > > > Oscar Besga Arcauz < < < --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org