Verdaccio

X-Frame-Options deny #2102

Answered by DanielRuf

lstrive-yn asked this question in Q&A

lstrive-yn
Feb 23, 2021

I want to use the sit built by Verdaccio via iframe for other projects in the Intranet but I got this error:

Refused to display 'http:// . .cc/' in a frame because it set 'X-Frame-Options' to 'deny'.

I configured nginx to send the X-Frame-Options header, add SAMEORIGIN always to server configuration but it doesn't work;

how should I do? thanks!

Answered by DanielRuf

See https://github.com/verdaccio/verdaccio/search?q=FRAMES_OPTIONS and especially

verdaccio/src/api/middleware.ts

Line 23 in 39376be

res.header(HEADERS.FRAMES_OPTIONS, 'deny');

. We set this to prevent some types of attacks.

View full answer

Replies: 2 comments

DanielRuf
Feb 23, 2021

See https://github.com/verdaccio/verdaccio/search?q=FRAMES_OPTIONS and especially

verdaccio/src/api/middleware.ts

Line 23 in 39376be

res.header(HEADERS.FRAMES_OPTIONS, 'deny');

. We set this to prevent some types of attacks.

0 replies

Answer selected by juanpicado

lstrive-yn
Feb 24, 2021
Author

I get it, thanks a lot 发自我的iPhone

在 2021年2月23日，15:29，Daniel Ruf ***@***.***> 写道： See https://github.com/verdaccio/verdaccio/search?q=FRAMES_OPTIONS and especially https://github.com/verdaccio/verdaccio/blob/39376be34514f4c7e1d3a0f403a8dad30f7a3f72/src/api/middleware.ts#L23. We set this to prevent some types of attacks. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

0 replies

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment