Hello Team, We are trying to integrate FS app infot another java app which is running on other port. That means that while using i-frame we get X-Frame-Options Header which deny such an action.

According to the documentation of Tomcat9 we added some params to the Tomcat config file and they work for other apps:


but seems that somewhere in the application .war file this is overrided because it always returns

$ curl -I http://ip:port/formspider2/main.html?name=CL0060305\&sid=784778

HTTP/1.1 200  Cache-Control: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Path=/formspider2; HttpOnly

X-Frame-Options: SAMEORIGIN

Transfer-Encoding: chunked Date: Thu,
17 Jan 2019 14:47:04 GMT

Is there any way to make it work in frame?

asked 17 Jan '19, 09:56

viktorK's gravatar image

accept rate: 0%

edited 17 Jan '19, 09:57

Hi Anatoly,

You are right that SAMEORIGIN header is set under the hood as a security restriction.

It is configured inside "main.jsp" file at the root level. You can modify this file according to your requirements.

Kind Regards, Serdar


answered 18 Jan '19, 05:59

Serdar's gravatar image

Serdar ♦♦
accept rate: 12%

thanks! that worked

(18 Jan '19, 07:14) viktorK
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 17 Jan '19, 09:56

Seen: 1,218 times

Last updated: 18 Jan '19, 07:14

Related questions

© Copyright Gerger 2017