Hi Team,
We got a request to enable x_frame_options_sameorigin = [False] . Since currently they couldn't able to view the same in Iframe.
So Would there be a config available to keep the security, though allow ONLY a specific address?
I.E.: Keep the setting "x_frame_options_sameorigin = [True ]" with an exception set to allow any URL string like "https://..com"
Another query is that by any chance can we can change x_frame_options_sameorigin property to support“X-Frame-Options: ALLOW-FROM https://..com/”? something like that
In Which path of the search head server should we need to edit the web.conf file. So will try the same from our end and check whether its working fine or not.
A
can anyone help on this request.
can anyone share their ideas how to proceed further
Had anyone worked on this?