[GeoNode-users] GeoServer X-Frame Options
Giovanni Allegri
giovanni.allegri at geosolutionsgroup.com
Wed Mar 29 05:58:01 PDT 2023
You could try setting the configuration
<https://docs.geoserver.org/latest/en/user/production/config.html#x-frame-options-policy>
in /usr/local/tomcat/webapps/geoserver/WEB-INF/web.xml inside the GeoServer
container, and then restart Tomcat (catalina.sh stop; catalina.sh atart).
Giovanni
Giovanni
On Tue, Mar 28, 2023 at 6:51 AM Ramesh De Silva <desilvarami at gmail.com>
wrote:
> Hi,
>
> To protect against clickjacking attacks, X Frame option is set to
> "SAMEHOST" in both GeoNode and GeoServer. I checked the Stable Demo GeoNode
> and it is accordance with this. But in my local GeoNode, only GeoNode URLs
> show the X-Frame header but not the GeoServer URLs. Please see the attached
> image.
> Can someone provide a guide to set the X Frame options in geoserver
> container or possible reason for above behavior.
>
> Thank you.
>
> Kind Regards
> Ramesh
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
--
==
GeoServer Professional Services from the experts!
Visit http://bit.ly/gs-services-us for more information.
==
Dott. Giovanni Allegri
Technical Lead / Project Manager
GeoSolutions Group
phone: +39 0584 962313
cell: +39 345 2815774
fax: +39 0584 1660272
https://www.geosolutionsgroup.com/
http://twitter.com/geosolutions_it
-------------------------------------------------------
Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20230329/5f1a5dcc/attachment.htm>
More information about the geonode-users
mailing list