const classafSleepSafe::FrameOptionsGuard
sys::Obj afSleepSafe::FrameOptionsGuard : afSleepSafe::Guard
Guards against clickjacking by setting an X-Frame-Options
HTTP response header that tells browsers not to embed the page in a frame.
X-Frame-Options: SAMEORIGIN
See X-Frame-Options on MDN and RFC 7034 for details.
IoC Configuration
afIocConfig Key | Value |
---|---|
| Defines who's allowed to embed the page in a frame. Set to |
Example:
@Contribute { serviceType=ApplicationDefaults# } Void contributeAppDefaults(Configuration config) { config["afSleepSafe.frameOptions"] = "deny" }
To disable, remove this class from the SleepSafeMiddleware
configuration:
@Contribute { serviceType=SleepSafeMiddleware# } Void contributeSleepSafeMiddleware(Configuration config) { config.remove(FrameOptionsGuard#) }