[keycloak-user] Setting X-Frame-Options in jobs/undertow
Keats Kirsch
keats.kirsch at axleinfo.com
Mon May 13 15:08:01 EDT 2019
Posting in case anyone else has this issue. We were getting errors loading iframes in the Keycloak console due to the X-Frame-Options being set to “deny” by default in our environment (Cloud Foundry). The fix was to set the X-Frame-Options explicitly in the undertow/jboss subsystem configuration in the configuration file (e.g., standalone.xml). We just added a response-header filter and pointed to it with a filter-ref under the default-host setting.
Our XML looks like this:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
    <buffer-cache name="default" />
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" />
        <host name="default-host">
            <location name="/" handler="welcome-content" />
            <filter-ref name="xFrameOptions" />
        </host>
    </server>
    <servlet-container name="default" eager-filter-initialization="true">
        <jsp-config />
        <websockets />
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content" />
    </handlers>
    <filters>
        <response-header name="xFrameOptions" header-name="X-Frame-Options" header-value="SAMEORIGIN" />
    </filters>
</subsystem>
Hope this helps.
--
Keats Kirsch
Auth Lead
Axle Informatics
http://axleinfo.com/
Keats.Kirsch at axleinfo.com
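
Added example, not part of the original post: a Python check that parses an Undertow subsystem like the one above and reports any host that has no filter-ref to a response-header filter setting X-Frame-Options, or that sets a value other than DENY or SAMEORIGIN. The function names and the two sample configurations are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers

def local(tag):
    """Strip the '{namespace}' prefix so any undertow schema version matches."""
    return tag.rsplit("}", 1)[-1]

def check_frame_options(xml_text):
    """Return a list of findings per Undertow host; an empty list means OK."""
    root = ET.fromstring(xml_text)
    findings = []
    subsystems = [e for e in root.iter()
                  if local(e.tag) == "subsystem" and "undertow" in e.tag]
    for sub in subsystems:
        # response-header filters that set X-Frame-Options: filter name -> value
        xfo = {}
        for f in sub.iter():
            if (local(f.tag) == "response-header"
                    and f.get("header-name", "").lower() == "x-frame-options"):
                xfo[f.get("name")] = f.get("header-value", "")
        for host in (h for h in sub.iter() if local(h.tag) == "host"):
            refs = [r.get("name") for r in host if local(r.tag) == "filter-ref"]
            used = [n for n in refs if n in xfo]
            if not used:  # a filter that is defined but never referenced is not applied
                findings.append(f"host {host.get('name')}: no filter-ref to an X-Frame-Options filter")
            for n in used:
                if xfo[n].upper() not in ALLOWED:
                    findings.append(f"host {host.get('name')}: filter {n} sets unsupported value {xfo[n]!r}")
    if not subsystems:
        findings.append("no undertow subsystem found")
    return findings

# Constructed samples: the post's layout (trimmed), then the same with the filter-ref removed.
GOOD = """<subsystem xmlns="urn:jboss:domain:undertow:3.1">
  <server name="default-server">
    <host name="default-host">
      <filter-ref name="xFrameOptions" />
    </host>
  </server>
  <filters>
    <response-header name="xFrameOptions" header-name="X-Frame-Options" header-value="SAMEORIGIN" />
  </filters>
</subsystem>"""
UNREFERENCED = GOOD.replace('<filter-ref name="xFrameOptions" />', "")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("unreferenced", UNREFERENCED)):
        print(label, check_frame_options(cfg) or "OK")
```

The check only reads the configuration file; a header added by a proxy or router in front of the server is outside what it can see.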