On Tue, Mar 8, 2022 at 9:31 AM Toine <[email protected]> wrote:
> ... > Previous behavior, before (with Guacamole-client 1.3): > I click on that link and I'm immediately connected to my remote host. > > Current behavior, after (with Guacamole-client 1.4): > I click on that link and visually, all I get is a black screen in my > browser. > If I refresh in my browser, it's not better. > If I edit the URL to remove the tokens, and validate that URL in the > address bar, then it works. > > Again, if I set X-Frame-Options to SAMEORIGIN, the above issue disappears. > Can you see in browser dev tools the specific request that is blocked unless "SAMEORIGIN" is set? As far as frames are concerned, Guacamole uses an iframe to initiate downloads of files and an object to receive local resize events, but this has been the case long before 1.4.0. It's not immediately clear why anything would behave differently in 1.4.0 vs 1.3.0 solely due to "X-Frame-Options". - Mike
