
Any official way to set X-Frame-Options header?

Open wildone opened this issue 1 year ago • 6 comments

Is your feature request related to a problem? Please describe.
I would like to set the X-Frame-Options header for all responses on CMS so that I can load CMS UI in an iFrame.

Describe the solution you'd like
Would like to configure an OSGi config with headers to send with all responses.

Describe alternatives you've considered
Running a proxy to do this. :(

wildone, Apr 12 '23 10:04

Hey @wildone !

I think you can add a header to SlingMainServlet in the feature model. We use custom headers in www.ds.pl:

"configurations": {
  ...
  "org.apache.sling.engine.impl.SlingMainServlet": {
    "sling.additional.response.headers": [
      "X-Content-Type-Options=nosniff",
      "X-Frame-Options=SAMEORIGIN",
      "Cache-control=no-cache",
      "Strict-Transport-Security=max-age=31536000"
    ]
  },
  ...
}

michalcukierman, Apr 12 '23 11:04
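
What the header entries in the comment above mean for the iframe use case in this issue, as an added example (not from the thread, and not WebSight or Sling code): it parses the Name=Value entries and evaluates whether a given origin may frame the CMS. It assumes entries split at the first "=", that the embedder is the top-level page, and it simplifies frame-ancestors matching to 'none', 'self' and exact origins.

```python
# Added example, not WebSight or Sling code. Entries are copied from the
# comment above; any origins passed to framing_allowed() are constructed.
ENTRIES = [
    "X-Content-Type-Options=nosniff",
    "X-Frame-Options=SAMEORIGIN",
    "Cache-control=no-cache",
    "Strict-Transport-Security=max-age=31536000",
]


def parse_entries(entries):
    """Split each "Name=Value" entry at the first '=' (assumed behaviour),
    so values that contain '=' such as max-age=31536000 stay intact."""
    headers = {}
    for entry in entries:
        name, sep, value = entry.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"not a Name=Value entry: {entry!r}")
        headers[name.strip().lower()] = value.strip()
    return headers


def framing_allowed(headers, page_origin, embedder_origin):
    """Return True if a browser would render a page from page_origin inside
    a frame whose top-level document is served from embedder_origin."""
    csp = headers.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # When present, frame-ancestors is enforced and XFO is ignored.
            sources = [p.lower() for p in parts[1:]]
            if "'none'" in sources:
                return False
            self_ok = "'self'" in sources and embedder_origin == page_origin
            return self_ok or embedder_origin.lower() in sources
    xfo = headers.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder_origin == page_origin
    # Header missing or value not recognised: X-Frame-Options blocks nothing.
    return True
```

With the entries as posted, SAMEORIGIN lets the CMS be framed only by pages on its own origin; framing from a different origin needs a Content-Security-Policy frame-ancestors entry that names that origin.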

I guess we need to have a section in the documentation on how to work with the feature models / configurations. WDYT @paweljozwicki ?

michalcukierman, Apr 12 '23 11:04

Totally agree.

paweljozwicki, Apr 12 '23 11:04

> I guess we need to have a section in the documentation on how to work with the feature models / configurations. WDYT @paweljozwicki ?

There is a sample config in the archetype already, I have been using it. I'll be able to use this, thanks!

Docs on how to update Editor UI in various places would be good, see #156.

I've managed to build a publishing processor for clientlibs, that was fun to figure out. :D Oh yeah, I got clientlibs capability :D

wildone, Apr 14 '23 17:04

Should I keep this open? @paweljozwicki

wildone, Apr 14 '23 17:04

Yes, let's keep it open until we prepare the documentation :)

paweljozwicki, Apr 17 '23 05:04