Set X-Frame-Options header to sameorigin

If this header is set to deny, then operations cannot be performed from the network topology page as the <svg> tag is a kind of <embed> and access is restricted from there. Setting it to sameorigin allows operations from the network topology page as long as they belong to the same web application (same origin). Related-Bug: #2077024 Change-Id: Ifcc9725bad34178a3eb606e9f822d2a68f5bf987
2024-08-31 20:31:29 -03:00 · 2024-08-31 20:31:29 -03:00 · ef031d40bd
commit ef031d40bd
parent c2503c7c65
1 changed files with 1 additions and 0 deletions
--- a/templates/default
+++ b/templates/default
@ -36,4 +36,5 @@

        KeepAliveTimeout 75
        MaxKeepAliveRequests 1000
+        Header set X-Frame-Options: "sameorigin"
 </VirtualHost>