Hi Wickers

In my Wicket app, I had another filter, prior to wicket app, that used to add 
headers to every request to the webapp. 
One of this headers was X-Frame-Options with value deny, which prevents pages 
and elements to be used into an <iframe>; its recommended for security reasons 
(XSS and 

In some forms, however, it blocked updates and inner-reloads (specially when a 
file upload was involved); it has been a little knigthmare to find what was 
going on.

So I removed this header, setting it only in wicket pages

I hope you find it useful.

    > > > Oscar Besga Arcauz  < < < 
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to