+3
Under Review

X-frame-option

mholmes 4 years ago updated by Robert Oram 3 months ago 11

With the on-premise Linux-based version of ScreenConnect, I would like the ability to add the X-Frame-Options header without manually editing the Default.master file. This should be an option within the administrator configuration area.

Available in Version:

Answer

Answer
Completed

Hi Mholmes,

We added the ability to add custom headers via extensions in 5.6. I'll send you over an example of how to add X-Frame-Options.

Answer
Completed

Hi Mholmes,

We added the ability to add custom headers via extensions in 5.6. I'll send you over an example of how to add X-Frame-Options.

Under Review
Under Review
Under Review

any chance the rest of us can know how to do this? 

Hi Brandon,

I sent you an email containing the example.

can you send me the example as well?


Thanks,

Aaron

Hi Aaron, we actually just completed an extension entitled "X-Frame Options" that allows you to set the X-Frame-Options header for HTTP requests to DENY/SAMEORIGIN/ALLOW-FROM. It is now live on the marketplace. Please let us know if it meets your needs. 


-Max

I found the Extension after hours of searching and finally finding this post.  His original request was to have this option in the Admin tab, not as an extension.  If it must be an extension, I'd like to see it include all the header options,  Like:


  • Content-Security-Policy
  • Feature-Policy
  • HSTS
  • Referrer-Policy
  • X-Content-Type-Options
  • X-Frame-Options
  • X-XSS-Protection

Thanks