appserver-io
Default headers should be configurable
A customer would like to integrate an app delivered by appserver into another page as iframe. To enable this, the X-Frame-Options header need another value or needs be removed.
The default headers should be configurable AppserverIo/WebServer/ConnectionHandlers/HttpConnectionHandler.php
Hi @mwitte
did you try using the Header webserver module?
Example would be https://github.com/appserver-io/appserver/blob/1.1/resources/templates/etc/appserver/appserver.xml.phtml#L427 or in combination with a file location: https://github.com/appserver-io/appserver/blob/1.1/resources/templates/etc/appserver/appserver.xml.phtml#L437
The the module you can configure the header e.g. for a virtual host, globally or depending on certain conditions.
See also https://github.com/appserver-io/webserver/blob/master/src/AppserverIo/WebServer/Modules/HeaderModule.php
Does this solve your problem?
Best regards,
bernhard
The module must be included in your server's module stack configuration like this: https://github.com/appserver-io/appserver/blob/1.1/resources/templates/etc/appserver/appserver.xml.phtml#L519
No didn't try it and didn't know it :D But it seems that this module allows to modify existing and adding new headers but we need to remove this header completely?
Thank you
Yes, indeed. ^^
You could modify the header, but removing it won't work this way.
How about overriding the default Denywith Allow-From: <YOUR_DOMAIN>?
This should be doable?
See: https://github.com/appserver-io-psr/http-message/blob/master/src/AppserverIo/Psr/HttpMessage/Protocol.php#L351 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options