Introduction / FirstSpirit Server configuration / Configuration files (FirstSpirit Server) / FirstSpirit Server (fs-server.conf) / X-Frame-Options header
Area: X-Frame-Options header
frameOptionsHeader
The behavior of the HTTP header “X-Frame-Options” for the FirstSpirit web applications fs5root (start page and SiteArchitect) and fs5webmon (ServerMonitoring) can be controlled via the parameter frameOptionsHeader.
#####################################################
# X-Frame-Options header to control frame embedding
# of FirstSpirit fs5root or fs5webmon webapplication
#####################################################
# X-Frame-Options header value
# - DENY do not allow embedding in a frame
# - SAMEORIGIN only allow embedding in a frame from a page of the same origin
# - ALLOW_ALL do not limit embedding / do not set X-Frame-Options header
frameOptionsHeader=SAMEORIGIN
Possible values:
- DENY prohibits embedding of the web applications into a frame
- SAMEORIGIN prohibits embedding of the web applications into a frame which is not located on the same host (default value)
- ALLOW_ALL allows embedding of the web applications into a frame
If embedding of the FirstSpirit web applications (or LiveEdit) into frames of another host should be allowed or if such embedding should generally be prohibited, the configuration parameter must be set to the appropriate value.