Protection against clickjacking


#1

Good afternoon,

The documentation does not say anything about clickjacking protection.
Is there an integrated way to customize the X-Frame-Options header that should be set on all web pages returned by our site served by Girder?

Thank you


#2

There’s nothing built into Girder for this. We normally deploy into production behind a reverse proxy such as nginx, which is a reasonable place to inject headers like this into responses. For nginx, see the add_header directive.
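
The reverse-proxy approach from the reply above, as an added example that is not part of the original post or of Girder's documentation. The hostname, the upstream address 127.0.0.1:8080 and the /static/ location are assumptions to adapt to the actual deployment.

```nginx
# Added example: server_name, upstream address and the /static/ block are assumed.
server {
    listen 80;
    server_name girder.example.org;            # placeholder hostname

    # "always" attaches the header to error responses (4xx/5xx) as well;
    # without it nginx only adds headers to a fixed set of 2xx/3xx codes.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # CSP counterpart of X-Frame-Options, honoured by current browsers.
    add_header Content-Security-Policy "frame-ancestors 'self'" always;

    location / {
        proxy_pass http://127.0.0.1:8080;      # assumed Girder listen address
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Drop any X-Frame-Options sent by the upstream so the browser
        # receives exactly one value, the one set above.
        proxy_hide_header X-Frame-Options;
    }

    location /static/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_hide_header X-Frame-Options;
        # An add_header at this level stops inheritance of the server-level
        # add_header lines, so the framing headers have to be repeated here.
        add_header Cache-Control "public, max-age=3600" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Content-Security-Policy "frame-ancestors 'self'" always;
    }
}
```

Validate the file with `nginx -t` before reloading, then confirm with `curl -sI` that both a normal page and a 404 response carry the headers.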


#3

Thank you, that is what I wanted to know.