Hi,
I am trying to use Geoserver data into an JS WebGIS application.
I am having trouble disabling the X-Frame-Options from adding the SAMEORIGIN
header to incoming requests.
I have read the instructions on:
http://docs.geoserver.org/latest/en/user/production/config.html#x-frame-options-policy
My TOMCAT's conf/web.xml has deactivated X-FRAME-OPTIONS:
<filter> <filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher></filter-mapping>
Requests to localhost:8080/manager do not show the X-Frame-Options, so it
should be working.
My geoserver's web.xml has the following configuration:
<filter>
<filter-name>xFrameOptionsFilter</filter-name>
<filter-class>org.geoserver.filters.XFrameOptionsFilter</filter-class>
<init-param>
<param-name>geoserver.xframe.policy</param-name>
<param-value>DENY</param-value>
</init-param>
</filter> <filter-mapping>
<filter-name>xFrameOptionsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Each time I do a request to the geoserver I get a response with the dreaded
X-FRAME-OPTIONS: SAMEORIGIN Does anyone have any insight on how to set
geoserver to stop being secured against clickJacking?
BTW, this stackexchange answer is no good:
https://gis.stackexchange.com/questions/267758/setting-geoserver-x-frame-options
it breaks the geoserver if you use the values and it won't run.
Any ideas?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users