
X-frame-options: Deny Is Not Working For Spring Boot Rest Api

My project has ExtJs as the front end and Spring Boot as the backend. ExtJs will call Spring Boot, which will respond with JSON. I wanted to prevent clickjacking attacks in my project. I hav

Solution 1:

Use the 'DENY' option to prevent all framing, or 'SAMEORIGIN' to only allow framing by the origin domain if required for application functionality.

Legacy browsers may not support the 'X-Frame-Options' header and require JavaScript-based protection against clickjacking. Information about JavaScript-based protection can be found at https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Shee

Solution 2:

X-Frame-Options: DENY should do the trick if it is available in the response header. With default browser settings, it won't allow the site to load into an iframe. If you have changed the browser settings or have any plugin that disables iframe options, then it won't work. You can try using another browser or incognito mode.

Solution 3:

The issue was resolved by setting 'Header always append X-Frame-Options DENY' in the Apache server conf file.
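
Solution 2 hinges on the header actually being present in the response the browser receives, after any front-end server such as the Apache instance in Solution 3. The following added example (not code from the original post or its answers) audits the anti-framing headers of a raw HTTP response. The function names and sample responses are constructed for illustration; it also reports a Content-Security-Policy frame-ancestors directive, which the page does not discuss.

```python
# Added example: audit anti-framing headers in a raw HTTP response.
# Function names and SAMPLES are constructed for illustration.

def parse_headers(raw):
    """Return {lowercased-name: [values]} from the head of a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_audit(raw):
    headers = parse_headers(raw)
    # Repeated header lines and comma-separated lists both yield several values.
    xfo = [v.strip().upper()
           for line in headers.get("x-frame-options", [])
           for v in line.split(",") if v.strip()]
    # Collect the source list of every frame-ancestors directive present.
    ancestors = []
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                ancestors.append(parts[1:])
    distinct = set(xfo)
    if not xfo:
        verdict = "missing"          # header never reached the client
    elif distinct == {"DENY"}:
        verdict = "deny"
    elif distinct == {"SAMEORIGIN"}:
        verdict = "sameorigin"
    else:
        verdict = "review"           # unrecognised or conflicting values
    return {"x_frame_options": xfo, "frame_ancestors": ancestors,
            "verdict": verdict}

SAMPLES = {  # constructed responses, not captured traffic
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}",
    "deny": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n\r\n{}",
    "appended": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                "X-Frame-Options: DENY\r\n\r\n{}",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, DENY\r\n\r\n{}",
    "csp_only": "HTTP/1.1 200 OK\r\nContent-Security-Policy: "
                "default-src 'self'; frame-ancestors 'none'\r\n\r\n{}",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, framing_audit(raw))
```

A "missing" verdict on a response that the application is believed to send with the header means the value is being lost or never set somewhere between the application and the client.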
