<div dir="ltr"><div dir="ltr">Thank you for the instructions, Giovanni. I have successfully configured X-Frame Options now. Though the GeoServer official documentation explains the process, it does not provide sample code. I tried a couple of such code blocks from different internet sources without success. Finally I found the following, which worked smoothly, and I wish to share it, as it may be useful for someone who is searching for sample code to implement this feature.</div><div dir="ltr"><br></div><div dir="ltr"><i><font color="#741b47">&lt;!-- Tomcat filter that adds the X-Frame-Options response header --&gt;<br>&lt;filter&gt;<br> &lt;filter-name&gt;httpHeaderSecurity&lt;/filter-name&gt;<br> &lt;filter-class&gt;org.apache.catalina.filters.HttpHeaderSecurityFilter&lt;/filter-class&gt;<br> &lt;async-supported&gt;true&lt;/async-supported&gt;<br> &lt;init-param&gt;<br> &lt;param-name&gt;antiClickJackingEnabled&lt;/param-name&gt;<br> &lt;param-value&gt;true&lt;/param-value&gt;<br> &lt;/init-param&gt;<br> &lt;init-param&gt;<br> &lt;param-name&gt;antiClickJackingOption&lt;/param-name&gt;<br> &lt;param-value&gt;DENY&lt;/param-value&gt;<br> &lt;/init-param&gt;<br>&lt;/filter&gt;<br>&lt;!-- Apply the filter to every request --&gt;<br>&lt;filter-mapping&gt;<br> &lt;filter-name&gt;httpHeaderSecurity&lt;/filter-name&gt;<br> &lt;url-pattern&gt;/*&lt;/url-pattern&gt;<br>&lt;/filter-mapping&gt;</font></i><br></div><div dir="ltr"><br></div><div>Kind regards</div><div>Ramesh</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 29, 2023 at 6:28 PM Giovanni Allegri &lt;<a href="mailto:giovanni.allegri@geosolutionsgroup.com">giovanni.allegri@geosolutionsgroup.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">You could try setting <a href="https://docs.geoserver.org/latest/en/user/production/config.html#x-frame-options-policy" target="_blank">the configuration</a> in /usr/local/tomcat/webapps/geoserver/WEB-INF/web.xml inside the GeoServer container, and then restart Tomcat (catalina.sh stop; catalina.sh start).<div><br><div>Giovanni</div></div></div><br><div 
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 28, 2023 at 6:51 AM Ramesh De Silva &lt;<a href="mailto:desilvarami@gmail.com" target="_blank">desilvarami@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>To protect against clickjacking attacks, X Frame option is set to "SAMEHOST" in both GeoNode and GeoServer. I checked the Stable Demo GeoNode and it is in accordance with this. But in my local GeoNode, only GeoNode URLs show the X-Frame header but not the GeoServer URLs. Please see the attached image.</div><div>Can someone provide a guide to set the X Frame options in the GeoServer container, or a possible reason for the above behavior?</div><div><br></div><div>Thank you.</div><div><br></div><div>Kind Regards</div><div>Ramesh</div></div>
</blockquote></div>
</blockquote></div></div>
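<div>An added example, not part of the original thread and not GeoServer or Tomcat code: a Python check that a web.xml is well-formed and that the HttpHeaderSecurityFilter from the message above is declared, has a valid antiClickJackingOption, and is mapped to /*. The sample web.xml, its javaee namespace and the function names are constructed for illustration; the values assumed when a parameter is absent (enabled, DENY) are Tomcat's defaults.</div>

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
OPTIONS = {"DENY", "SAMEORIGIN", "ALLOW-FROM"}  # values Tomcat accepts
# Constructed sample: the thread's filter inside a minimal namespaced web.xml.
GOOD = f"""<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>{FILTER_CLASS}</filter-class>
  <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>DENY</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>"""
MALFORMED = GOOD.replace("</init-param>", "/init-param>")  # constructed: '<' lost

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix

def texts(elem, name):
    return [(c.text or "").strip() for c in elem if local(c.tag) == name]

def check_clickjacking_filter(web_xml):
    """Return a list of problems; an empty list means the filter is active."""
    try:
        root = ET.fromstring(web_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems, names = [], set()
    for f in (e for e in root if local(e.tag) == "filter"):
        if FILTER_CLASS not in texts(f, "filter-class"):
            continue
        names.update(texts(f, "filter-name"))
        params = {"".join(texts(p, "param-name")): "".join(texts(p, "param-value"))
                  for p in f if local(p.tag) == "init-param"}
        # Tomcat defaults when a parameter is absent: enabled, DENY.
        if params.get("antiClickJackingEnabled", "true").lower() != "true":
            problems.append("antiClickJackingEnabled is not true")
        if params.get("antiClickJackingOption", "DENY").upper() not in OPTIONS:
            problems.append("antiClickJackingOption is not a valid value")
    mapped = {n for m in root if local(m.tag) == "filter-mapping"
              and "/*" in texts(m, "url-pattern") for n in texts(m, "filter-name")}
    if not names & mapped:
        problems.append("HttpHeaderSecurityFilter is not declared and mapped to /*")
    return problems
```

<div>Run it against the edited WEB-INF/web.xml before restarting Tomcat; after the restart, the X-Frame-Options header on a GeoServer URL confirms the result.</div>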