Discussion:
[AngularJS] How to set x-frame-options on response header
Nathan Weinrich
2014-10-31 17:00:02 UTC
I need to set the X-Frame-Options on my partial responses. I cannot find
how to do this anywhere. All I find is how to set it in Java or on the
$http calls, but nothing on the partials I return to the browser, which
are the ones susceptible to clickjacking attacks.

Thanks!
--
You received this message because you are subscribed to the Google Groups "AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to angular+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.
Nathan Weinrich
2014-10-31 20:09:29 UTC
Here is the motivation for this.
https://www.owasp.org/index.php/ClickjackFilter_for_Java_EE
Eric Eslinger
2014-10-31 20:12:12 UTC
This is the kind of thing that needs to be set on the server side, rather
than on the client side, as I understand it. So it depends a lot on how
you're serving up your Angular partials and stuff.
Nathan Weinrich
2014-11-03 13:04:59 UTC
Thank you. I am deploying to Tomcat. I tried the method suggested by
OWASP, of putting their class in my deploy and then putting the proper
filter config in the web.xml, but it did not add the header when I
inspected via Chrome developer tools.
Nathan Weinrich
2014-11-03 19:45:14 UTC
Got the server-side working. The code bit from OWASP was errant... and
apparently has been since 2013.
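
A sketch of the server-side approach the thread settles on, for Tomcat with the `javax.servlet` API (Servlet 3.0+). This is an added example, not code from the thread or from OWASP; the package, the class name `FrameOptionsFilter` and the `mode` init parameter are hypothetical.

```java
package example; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Mapped to every URL so that static partials served by Tomcat's default
// servlet are covered, not only servlet and JSP responses.
@WebFilter("/*")
public class FrameOptionsFilter implements Filter {

    // DENY forbids all framing; SAMEORIGIN allows framing by the same origin.
    private String mode = "DENY";

    @Override
    public void init(FilterConfig config) {
        // "mode" is a hypothetical init parameter; anything else keeps DENY.
        if ("SAMEORIGIN".equalsIgnoreCase(config.getInitParameter("mode"))) {
            mode = "SAMEORIGIN";
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Set the headers BEFORE chain.doFilter(): once the response has
            // been committed, the container ignores later setHeader() calls.
            http.setHeader("X-Frame-Options", mode);
            // Equivalent CSP directive; addHeader so an application-set
            // policy is combined with this one rather than replaced.
            http.addHeader("Content-Security-Policy", "DENY".equals(mode)
                    ? "frame-ancestors 'none'" : "frame-ancestors 'self'");
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

If `web.xml` declares `metadata-complete="true"`, annotations are not scanned and the filter has to be declared there with `<filter>` and `<filter-mapping>` instead. Confirm the result by checking the response headers of a partial's own URL, not only the index page.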