X-Frame-Options header is "Deny"

natf17 / shopify-embedded-app

Enables any web app using Spring Security to operate as a Shopify embedded app.

23 stars 9 forks source link

X-Frame-Options header is "Deny" #1

Closed natf17 closed 4 years ago

natf17 commented 4 years ago

To load in an iFrame as an embedded app, the "X-Frame-Options" header cannot be "Deny". When tested on a Spring web app, adding the following in WebSecurityConfigurerAdapter fixes the issue:

headers()
    .frameOptions()
        .disable()

natf17 commented 4 years ago

See 1181a3118e9ebdb72abf75905e38a4bd7eae6da0