plone / plone.protect

HTTP protection utilities for the Plone CMS
https://pypi.org/project/plone.protect/

How to display within an iframe? #28

Closed spanish closed 8 years ago

spanish commented 8 years ago

Hello,

I need to display a Plone 4 site within an iframe.

Please, how could I do this with plone.protect 3.0.0 or higher?

Thanks!

Manuel

vangheem commented 8 years ago

Check the documentation on the PLONE_X_FRAME_OPTIONS environment variable: https://pypi.python.org/pypi/plone.protect

Or override the X-Frame-Options header on your proxy server.

Remember, this opens you up to clickjacking attempts potentially.

vangheem commented 8 years ago

See https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

spanish commented 8 years ago

Thanks, Nathan.

I know the risk and I don't like this, but I can't avoid it currently (it's not my decision).

At least, using PLONE_X_FRAME_OPTIONS ALLOW-FROM http://domain.tld, I can limit the vulnerability to a single domain.

Regards,

Manuel
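
Added example, not part of the thread or of plone.protect: a Python check of which origins a given set of response headers allows to frame a page. It models current browsers, which ignore the obsolete `ALLOW-FROM` value of `X-Frame-Options` and enforce the CSP `frame-ancestors` directive instead. The hostnames are constructed, only direct (one-level) framing is considered, and wildcard host sources are not handled.

```python
from urllib.parse import urlsplit

def origin(url):
    """Normalise a URL to scheme://host[:port], dropping default ports."""
    p = urlsplit(url)
    default = {"http": 80, "https": 443}.get(p.scheme)
    port = "" if p.port in (None, default) else f":{p.port}"
    return f"{p.scheme}://{p.hostname}{port}"

def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in (csp or "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def may_frame(headers, page_url, embedder_url):
    """True if a top-level page at embedder_url may frame page_url."""
    h = {k.lower(): v for k, v in headers.items()}
    page, embedder = origin(page_url), origin(embedder_url)
    sources = frame_ancestors(h.get("content-security-policy"))
    if sources is not None:
        # frame-ancestors takes precedence; X-Frame-Options is not consulted.
        for s in sources:
            if s == "'none'":
                return False
            if s == "*" or (s == "'self'" and embedder == page):
                return True
            if not s.startswith("'") and origin(s) == embedder:
                return True
        return False
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == page
    # Missing header, or a value the browser does not recognise (ALLOW-FROM
    # in current browsers): the header is ignored and framing is not restricted.
    return True

# Constructed sample values, not taken from the thread.
PAGE = "https://plone.example/"
PORTAL = "https://portal.example/"
OTHER = "https://other.example/"
LEGACY = {"X-Frame-Options": "ALLOW-FROM https://portal.example"}
FIXED = {"Content-Security-Policy": "frame-ancestors 'self' https://portal.example",
         "X-Frame-Options": "SAMEORIGIN"}
```

With `LEGACY`, `may_frame` returns `True` for `OTHER` as well as `PORTAL`; with `FIXED`, only `PORTAL` and the page's own origin are allowed.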