'Set X-frame-options to SAMEORIGIN in angular 6 to block site in iframe tag
I want to block my site in the <iframe> tag. On research I found that to do so, I need to set the header as 'x-frame-options' to 'SAMEORIGIN'.
Tried setting the meta tag as
<meta http-equiv="X-Frame-Options" content="deny">
But this method is outdated since April 2016.
When I am trying to search it is giving me the result for httpClient. But I want the same when Someone hit my url through .
Do I need to set the header through node or need to do some changes in angular.json
My site is working on node server with URL http://localhost:4200/.
Solution 1:[1]
You cannot do it on angular side, only on server side.
I think you can use this npm package:
Solution 2:[2]
If you are using any webserver like Nginx, Apache HTTP Server
example for how to use in Nginx
add_header X-Frame-Options "SAMEORIGIN";
in global scope, or location scope. Better to do in location scope. Because, as soon as you add some header in location scope, the global scope will not reflect
Additional
You can take care of more things using the header like cross-site scripting
add_header X-XSS-Protection "1; mode=block";
Even though nowadays browsers are helping to reduce cross-site scripting. More detail description in here
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | jasie |
| Solution 2 |