const classafSleepSafe::FrameOptionsGuard

sys::Obj
  afSleepSafe::FrameOptionsGuard : afSleepSafe::Guard

Guards against clickjacking by setting an X-Frame-Options HTTP response header that tells browsers not to embed the page in a frame.

X-Frame-Options: SAMEORIGIN

See X-Frame-Options on MDN and RFC 7034 for details.

IoC Configuration

afIocConfig Key

Value

afSleepSafe.frameOptions

Defines who's allowed to embed the page in a frame. Set to DENY to forbid any embedding, SAMEORIGIN to allow embedding from the same origin (default), or ALLOW-FROM https://example.com/ to specify a host.

Example:

@Contribute { serviceType=ApplicationDefaults# }
Void contributeAppDefaults(Configuration config) {
    config["afSleepSafe.frameOptions"] = "deny"
}

To disable, remove this class from the SleepSafeMiddleware configuration:

@Contribute { serviceType=SleepSafeMiddleware# }
Void contributeSleepSafeMiddleware(Configuration config) {
    config.remove(FrameOptionsGuard#)
}