pedestal

jdkealy 2020-08-31T16:12:00.007Z

I’m having trouble removing X-FRAME-OPTIONS headers. Right now, the setting is set to DENY. If I update the headers in an interceptor to “SAMEORIGIN”, it gets overwritten; however, I want to remove the header altogether.

isak 2020-08-31T16:25:18.007100Z

There is probably a built-in / default interceptor that has a :leave clause that executes after yours. Try adding an interceptor with a :leave as the very first interceptor.

isak 2020-08-31T16:26:19.007300Z

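e.g.:

;; Assumes this form is a step in a (-> service-map ...) thread,
;; which supplies the map argument to update.
(update ::http/interceptors
        (fn [xs s] (into [s] xs)) ; prepend, so this :leave runs last
        (interceptor/interceptor
          {:name :fix-xframe
           :leave (fn [ctx]
                    ;...
                    ctx)})) ; a :leave fn must return the context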

jdkealy 2020-08-31T16:26:29.007500Z

Right, I’ve done that. If I leave the X-FRAME-OPTIONS header undefined, it just gets set to deny.

jdkealy 2020-08-31T16:26:47.007700Z

If I set it to SAMEORIGIN, it stays as SAMEORIGIN

isak 2020-08-31T16:27:35.007900Z

Hmm, maybe it is coming from Jetty (or your webserver)