Possibility to enable X-Frame-Option
complete
Marc
With nextcloud we can add external websites thanks to iframes : https://docs.nextcloud.com/server/12/admin_manual/configuration_server/external_sites.html
How can we enable X-Frame-Option for SAMEORIGIN ?
Thanks
JeanC Ch. H.
Hello, do we have any update on this feature request?
Nicolas Giard
JeanC Ch. H.: Read the comments below before posting? It was added 4 years ago...
JeanC Ch. H.
Nicolas Giard: hey thanks for the reply, yes I confirm it is working. Thank you
Enrico Bernt
how I can toggle the x-frame-options? I want that it is not set, so that i could use a iframe to stream it at a cef browser.
I tryed to stop at powershell, change the security.js, and start.
nothing changed, even if i changed it to "SAMEORIGIN", my chrome browser show, that the wiki is at "deny".
Nicolas Giard
complete
You can now toggle the X-Frame-Option. More precise control for origins will come with the CSP feature, to be released in a future build.
Patrick Binksma
That feature would be really helpful. Right now I manually edit "security.js" in my docker container, which obviously does not survice any upgrades.
Instead of "SAMEORIGIN" I would suggest to use "ALLOW-FROM" with a configureable uri.
Nicolas Giard
planned