Got the server-side working. The code bit from owasp was errant....and apparently has been since 2013.
On Monday, November 3, 2014 8:04:59 AM UTC-5, Nathan Weinrich wrote: > > Thank you. I am deploying to tomcat. I tried the method suggested by > owasp, of putting their class in my deploy and then putting the proper > filter config in the web.xml, but it did not add the header when i > inspected via chrome developer tools. > > > On Friday, October 31, 2014 4:12:32 PM UTC-4, Eric Eslinger wrote: >> >> This is the kind of thing that needs to be set on the server side, rather >> than on the client side, as I understand it. So it depends a lot on how >> you're serving up your angular partials and stuff. >> >> On Fri Oct 31 2014 at 1:09:41 PM Nathan Weinrich <[email protected]> >> wrote: >> >>> Here is the motivation for this. >>> https://www.owasp.org/index.php/ClickjackFilter_for_Java_EE >>> >>> >>> On Friday, October 31, 2014 1:00:02 PM UTC-4, Nathan Weinrich wrote: >>>> >>>> I need to set the x-frame-options on my partial responses. I can not >>>> find how to do this anywhere. All i find i how to set it in java or on >>>> the >>>> $http calls, but nothing on the partials i return to the browser. Which >>>> are the once susceptible to clickjacking attacks. >>>> >>>> thanks! >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "AngularJS" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at http://groups.google.com/group/angular. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
