Embed in webframe

[maluco68]

can somebody guide me how to embed "answer" in a webframe to my webpage? it shows always "refused to connect".

[fenbox]

There is indeed a problem, what is the purpose of doing so? @LinkinStars

[LinkinStars]

@maluco68 Due to security concerns, the X-Frame-Options header was set to DENY in the returned HTTP headers, thus preventing it from being embedded in other webpages.

https://github.com/apache/incubator-answer/blob/f7731bc675930f9cb9fa7a6f6346c102246b2c4d/internal/router/ui.go#L134

[maluco68]

@maluco68 Due to security concerns, the X-Frame-Options header was set to DENY in the returned HTTP headers, thus preventing it from being embedded in other webpages.

https://github.com/apache/incubator-answer/blob/f7731bc675930f9cb9fa7a6f6346c102246b2c4d/internal/router/ui.go#L134

as im a newbe in html an all that stuff, is there an option to allow? what i read is the "xframe allow-from http..." option is obsolete and will be ignored on certain browsers, what are the alternative options and how could i change it or is this deny rule fixed by your developers and not changeable by users?

[LinkinStars]

@maluco68 Since the X-Frame-Options option is fixed in the code, it cannot be changed by configuration or admin. It can only be removed by modifying the source code.

[sosyz]

These security settings are designed to ensure users can safely use answer. If you need to remove or customize these security settings to suit your environment, you can modify the response headers by configuring a reverse proxy server (such as Nginx or Caddy).