Feature Request - Add X-Frame-Options customizability #3929
Closed
styris-ame
started this conversation in
Ideas
Replies: 2 comments
-
We already have this, just not via that specific header but via CSP, which overrules the header you mentioned. See: Line 342 in bc26bfa Also see:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors |
Beta Was this translation helpful? Give feedback.
0 replies
-
Oh awesome, thank you! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Since the closure of issue 44, it is not possible to embed vaultwarden as an iFrame on webapps like Homarr or organizr.
Adding an option to allow a specific website(s) to use iFrames would resolve this issue. Something like this should work:
res.set_raw_header("X-Frame-Options", "ALLOW-FROM <WEBSITE>");
An example for
<WEBSITE>
might be:https://homarr.my-domain.com
Perhaps a docker environment variable could be used to specify this.
Beta Was this translation helpful? Give feedback.
All reactions