X-Frame SAMEORIGIN

dmfranko
Kilo Guru

Hello,

Is there any way in ServiceNow to add trusted origins, as opposed to opening things up to all origins below? What I'd like to do is embed UI Pages from ServiceNow in a Drupal site.

Thanks!

glide.set_x_frame_options: Enable this property to set the X-Frame-Options response header to SAMEORIGIN for all UI pages. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. https://developer.mozilla.org/en/the_x-frame-options_response_header

Default: Yes

7 REPLIES

rlatorre
Kilo Sage

Have you had any response on this question? We have the same need.


I think I asked HI about this and there was no way to just add trusted origins. It's all or nothing. In my case we ended up using the API and building a page using AngularJS.


Thanks Dan. We opened our own ticket. It will probably be followed by an enhancement request that will get little traction.


Roger19
Tera Contributor

An enhancement request has been raised in order to support the "X-Frame-Options: allow-from https://example.com/" whitelisting kind of options.
If you need it, please raise an incident on HI to get assigned to it 🙂
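
The "all or nothing" behaviour discussed in this thread, as an added example that is not part of any post above and not ServiceNow code: it evaluates an X-Frame-Options value for one framed page and its direct parent, following RFC 7034. The function name `mayFrame` and all hostnames are constructed for illustration.

```javascript
// Added example: X-Frame-Options decision for one framed page and its direct
// top-level parent, following RFC 7034. Hostnames are constructed placeholders.
function mayFrame(xfoHeader, framedUrl, parentUrl) {
  const framed = new URL(framedUrl).origin; // .origin drops default ports
  const parent = new URL(parentUrl).origin;
  const value = (xfoHeader || "").trim();

  if (value === "") {
    return { allowed: true, reason: "no header: any origin may frame" };
  }
  if (/^DENY$/i.test(value)) {
    return { allowed: false, reason: "DENY: no origin may frame" };
  }
  if (/^SAMEORIGIN$/i.test(value)) {
    return framed === parent
      ? { allowed: true, reason: "SAMEORIGIN: parent matches" }
      : { allowed: false, reason: "SAMEORIGIN: parent is a different origin" };
  }
  const m = /^ALLOW-FROM\s+(\S+)$/i.exec(value);
  if (m) {
    // Defined in RFC 7034, but a browser without ALLOW-FROM support ignores it.
    let trusted;
    try { trusted = new URL(m[1]).origin; } catch (e) {
      // Choice made for this example: an unparsable origin matches nothing.
      return { allowed: false, reason: "ALLOW-FROM: unparsable origin" };
    }
    return trusted === parent
      ? { allowed: true, reason: "ALLOW-FROM: parent is the trusted origin" }
      : { allowed: false, reason: "ALLOW-FROM: parent is not the trusted origin" };
  }
  // Assumption of this example: an unrecognised value is treated as no policy.
  return { allowed: true, reason: "unrecognised value ignored" };
}

// Constructed scenario from the thread: a UI page embedded by a Drupal site.
const UI_PAGE = "https://instance.example.com/example_page.do";
const DRUPAL = "https://drupal.example.org/node/1";
const OTHER = "https://unrelated.example.net/";
const ALLOW_DRUPAL = "ALLOW-FROM https://drupal.example.org/";

function scenario() {
  return {
    propertyOn: mayFrame("SAMEORIGIN", UI_PAGE, DRUPAL).allowed,
    propertyOffDrupal: mayFrame(null, UI_PAGE, DRUPAL).allowed,
    propertyOffOther: mayFrame(null, UI_PAGE, OTHER).allowed,
    allowFromDrupal: mayFrame(ALLOW_DRUPAL, UI_PAGE, DRUPAL).allowed,
    allowFromOther: mayFrame(ALLOW_DRUPAL, UI_PAGE, OTHER).allowed,
  };
}
console.log(scenario());
```

With the property on, the Drupal parent is blocked; with it off, the unrelated site can frame the page just as the Drupal site can, which is the exposure the property exists to prevent.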