Hello,
this has been probably been already resolved but for reference, the
X-Frame-Option issue is related to Spring security policy:
https://docs.spring.io/spring-security/site/docs/4.1.0.RELEASE/reference/html/headers.html
If your application is running in the same domain, the issue can be
worked around by changing the corresponding code generating header in
DSpace
(dspace-server-webapp\src\main\java\org\dspace\app\rest\security\WebSecurityConfiguration.java)
to SAMEORIGIN. e.g. add
.and().headers().frameOptions().sameOrigin()
to configure method (e.g.
https://github.com/DSpace/DSpace/blob/dspace-7_x/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/WebSecurityConfiguration.java#L114
).
Additional note: the X-Frame-Options header itself seems to be deprecated
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
so it should be replaced with comprehensive Content Security Policy
header in the future.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://www.baeldung.com/spring-security-csp
Best regards,
Miika Nurminen
On 5.4.2023 10:05, PUSHPENDRA PANDEY wrote:
Dear Team,
We have show the bit stream content in frame but
error show "x-frame option directive set to deny".
I observed that its dspace content security policy how
to custmize that
--
All messages to this mailing list should adhere to the Code of Conduct:
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx <https://
www.lyrasis.org/about/Pages/Code-of-Conduct.aspx>
---
You received this message because you are subscribed to the Google
Groups "DSpace Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit https://groups.google.com/d/
msgid/dspace-community/5395cc64-fcdb-43b3-bcd3-
a7c324c50f47n%40googlegroups.com <https://groups.google.com/d/msgid/
dspace-community/5395cc64-fcdb-43b3-bcd3-
a7c324c50f47n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
All messages to this mailing list should adhere to the Code of Conduct:
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups "DSpace Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/dspace-community/ff96bed7-55d8-4bb3-84ad-a5704edc4c6b%40gmail.com.
