Hi Wickers
In my Wicket app, I had another filter, prior to wicket app, that used to add
headers to every request to the webapp.
One of this headers was X-Frame-Options with value deny, which prevents pages
and elements to be used into an <iframe>; its recommended for security reasons
(XSS and
CSRF )
In some forms, however, it blocked updates and inner-reloads (specially when a
file upload was involved); it has been a little knigthmare to find what was
going on.
So I removed this header, setting it only in wicket pages
I hope you find it useful.
> > > Oscar Besga Arcauz < < <
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
