[GeoNode-users] GeoServer X-Frame Options

Giovanni Allegri giovanni.allegri at geosolutionsgroup.com
Wed Mar 29 05:58:01 PDT 2023

You could try setting the configuration
in /usr/local/tomcat/webapps/geoserver/WEB-INF/web.xml inside the GeoServer
container, and then restart Tomcat (catalina.sh stop; catalina.sh atart).



On Tue, Mar 28, 2023 at 6:51 AM Ramesh De Silva <desilvarami at gmail.com>

> Hi,
> To protect against clickjacking attacks, X Frame option is set to
> "SAMEHOST" in both GeoNode and GeoServer. I checked the Stable Demo GeoNode
> and it is accordance with this. But in my local GeoNode, only GeoNode URLs
> show the X-Frame header but not the GeoServer URLs. Please see the attached
> image.
> Can someone provide a guide to set the X Frame options in geoserver
> container or possible reason for above behavior.
> Thank you.
> Kind Regards
> Ramesh
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users



GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.

Dott. Giovanni Allegri

Technical Lead / Project Manager

GeoSolutions Group
phone: +39 0584 962313
cell:     +39 345 2815774

fax:      +39 0584 1660272


Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20230329/5f1a5dcc/attachment.htm>

More information about the geonode-users mailing list