Any solutions on this? On Thu, Aug 29, 2019 at 4:34 PM Rajesh Gupta < rajesh.gu...@veersoftsolutions.com> wrote:
> Hi, > I am trying to set X-frame-options headers. > > I added the following in the appengine-web.xml > > <include path="/**.html" > > <!-- Refer to clickjacking. QuickBooks security review email on Aug > 28 2019 --> > <http-header name="X-FRAME-OPTIONS" > value="DENY SAMEORIGIN" /> > <http-header name="Content-Security-Policy" > value="frame-ancestors 'none'" /> > </include> > > It is all fine, except for one case. > > For example, if I am running local and type > http://localhost:8888 : Then the headers are not added to the response > > However, http://localhost:8888/index.html, the headers are added to the > response > > How can I add the headers in the response for the case ' > http://localhost:8888' > > -- > Rajesh > *www.ServiceFolder.com <http://www.ServiceFolder.com>* > *Field Service Software on Google Cloud Platform and Mobile* > > > -- Rajesh *www.GainERP.com <https://www.gainerp.com/>* *Field Service Software on Google Cloud Platform and Mobile* -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/CA%2BS7ijZkN-OVdYzf85v9fZCwLBqvzmoX2SGWKAM5v%2B%2BYvwXD2g%40mail.gmail.com.
