Hello,
I need to embed perspective screens in some company internal websites. The default X-Frame-Options forbids this, as the internal websites are not hosted using the same hostname.
I'd like to not switch the mechanism off entirely. Is there a way to add Content-Security-Policy headers so that I could add the necessary domains as frame-ancestors?
Best regards, Martin
Yes, various headers can be customized by providing appropriate system property flags in the ignition.conf file:
Thank you for the answer.
Is there a general method I'm not seeing? That page doesn't mention content security policy headers as far as I can tell.
Ah, yeah, my bad. We don't have a way to supply arbitrary CSP directive(s); that's an internal feature ticket I just added this thread to.