X-Frame-Options: ALLOW-FROM a particular domain in wildfly - html

I have an application that's deployed on wildfly on a centos server.
I have two other applications that access a page of my application using an iframe. When I access that page, this is all I see in the console:
Refused to display 'APP_URL' in a frame because it set 'X-Frame-Options' to 'deny'.
I know the reason behind all this and I want my wildfly web server to allow it from my 2 domains, like this:
X-Frame-Options: ALLOW-FROM https://example.com/
Where can I configure this setting in wildfly? I know that on an apache server it's done in the httpd.conf file, but I want to do this in wildfly.

I've configured the "SAMEORIGIN" option in wildfly once. I suppose the "ALLOW-FROM" should be pretty similar.
You need to make this change in the undertow subsystem of Standalone.xml.
You should find the below settings in your xml.
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
    <buffer-caches>
        <buffer-cache name="default" buffer-size="1024"
            buffers-per-region="1024" max-regions="10" />
    </buffer-caches>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" />
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content" />
            <!-- Added: filter-ref is a child of <host>; it attaches the filter defined under <filters> -->
            <filter-ref name="xFrameOptions" />
        </host>
    </server>
    <servlet-container name="default"
        default-buffer-cache="default" stack-trace-on-error="local-only">
        <jsp-config />
        <persistent-sessions />
    </servlet-container>
    <handlers>
        <file name="welcome-content"
            path="${jboss.home.dir}/welcome-content" directory-listing="true" />
    </handlers>
    <!-- Added: the response-header filter that sets X-Frame-Options -->
    <filters>
        <response-header name="xFrameOptions"
            header-name="X-Frame-Options"
            header-value="allow-from https://example.com/" />
    </filters>
</subsystem>
Make sure you add the filter-reference and then use the reference to add the X-Frame-Options for response-header.
You can do this by manually editing the standalone.xml or by using jboss-cli.
Thanks,
Kamal
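ALLOW-FROM takes a single origin and current browsers do not honor it; the Content-Security-Policy `frame-ancestors` directive is the supported way to allow framing from more than one origin. The fragment below is an added example, not part of the original answer: the filter name `frameAncestors` and the second origin `https://example.org` are placeholders, and only the elements that change are shown.

```xml
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
    <server name="default-server">
        <http-listener name="default" socket-binding="http" />
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content" />
            <!-- Weak: one origin only, and ignored by current browsers -->
            <!-- <filter-ref name="xFrameOptions" /> -->
            <!-- Corrected: attach the CSP filter defined below -->
            <filter-ref name="frameAncestors" />
        </host>
    </server>
    <filters>
        <!-- Weak setting, kept for comparison:
        <response-header name="xFrameOptions"
            header-name="X-Frame-Options"
            header-value="allow-from https://example.com/" />
        -->
        <!-- frame-ancestors lists origins (scheme + host, no path), space separated.
             Placeholder origins; replace with the two framing applications. -->
        <response-header name="frameAncestors"
            header-name="Content-Security-Policy"
            header-value="frame-ancestors https://example.com https://example.org" />
    </filters>
</subsystem>
```

Browsers that enforce `frame-ancestors` disregard `X-Frame-Options` on the same response. If the application already sends its own Content-Security-Policy header, put the directive there instead, because a browser enforces every policy it receives.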

Related

Why I've a cayenne connection error when I put my web site on a debian server

I'm trying to put my web site on line.
For that, I've a debian and a jetty server.
When I try to go to my web site, it shows me the homepage, so this is OK.
But when I try to log in, it gives me an error message.
It's working on my local machine with this configuration :
<?xml version="1.0" encoding="utf-8"?>
<domain project-version="6">
    <map name="datamap"/>
    <node name="datanode"
        factory="org.apache.cayenne.configuration.server.XMLPoolingDataSourceFactory"
        >
        <map-ref name="datamap"/>
        <data-source>
            <driver value="com.mysql.jdbc.Driver"/>
            <url value="jdbc:mysql://127.0.0.1:3306/database"/>
            <connectionPool min="1" max="10"/>
            <login userName="username" password="password"/>
        </data-source>
    </node>
</domain>
So, I verified the username and password are OK. I tried to run my web site on my own machine with the new configuration:
<url value="jdbc:mysql://serverip:3306/database"/>
What did I miss?
The error message is :
(I'm sorry, I'm trying to find where I can find the jetty log on the server, I will update it with the full stack)
I suppose I forgot some information?
I'm sure about my password and login for the mysql on the server. I'm using SSH, the configuration is in my workbench :
I'm using maven, so I added mysql in the pom.xml:
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.6</version>
</dependency>
I read that it can be because we didn't put mysql in the classpath. But that should work, shouldn't it?
EDIT : I tried : <url value="jdbc:mysql://serverusername#serverpwd/serverip:3306/database"/>, without success...
EDIT 2 : This configuration is working :
<node name="datanode"
    factory="org.apache.cayenne.configuration.server.XMLPoolingDataSourceFactory"
    schema-update-strategy="org.apache.cayenne.access.dbsync.CreateIfNoSchemaStrategy">
    <map-ref name="datamap" />
    <data-source>
        <driver value="com.mysql.jdbc.Driver" />
        <url value="jdbc:mysql://127.0.0.1/database" />
        <connectionPool min="1" max="1" />
        <autoReconnect> true</autoReconnect>
        <failOverReadOnly> false</failOverReadOnly>
        <login userName="userName" password="password" />
    </data-source>
</node>
The connection may be timing out. Try adding this to the URL: ?connectTimeout=0&autoReconnect=true. For an even more reliable result, try using an external connection pool, e.g. Hikari, with appropriate reconnect properties. Cayenne can be instructed to use an external connection pool on startup via ServerRuntime.builder(..).dataSource(dataSource)..

Redirect using web.config file when there is no pathname

I've been working on an ASP.NET web application project in Visual Studio. In that project, when the user enters the hostname they get a 404 error, but what I would like to happen is for them to be redirected to index.html when they have just entered the hostname.
Below is the code that I tried using, but it didn't work. It said there were too many redirects, which I think has something to do with the path value being empty.
<location path="">
    <system.webServer>
        <httpRedirect enabled="true" destination="index.html" httpResponseStatus="Permanent" />
    </system.webServer>
</location>
Does anyone have any suggestions?
If you are using MVC you could create a default route but since you asked for a way to do it in web.config try:
<configuration>
    <system.web>
        <customErrors defaultRedirect="index.html" mode="On">
            <error statusCode="404" redirect="index.html"/>
        </customErrors>
    </system.web>
</configuration>

http redirect loop using location in web.config

I have a website inside which I have a directory I want to keep private. My login page is inside this directory called admin.aspx.
In my main Web.Config I have the following block:
<authentication mode="Forms">
    <forms loginUrl="~/Account/admin.aspx" name=".ASPXFORMSAUTH"></forms>
</authentication>
And then in my subdirectory I have a second web.config file with the following:
<location path="admin.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<system.web>
    <authorization>
        <deny users="?"/>
    </authorization>
</system.web>
However when I try to get to admin.aspx I get this error:
The web page at http://localhost:51167/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252Fadmin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252fAccount%2525252525252525252525252525252525252fadmin has resulted in too many 
redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
I don't understand why it's got itself in a loop. If I change web.config (inside the directory) to simply say:
<system.web>
    <authorization>
        <allow users="*"/>
    </authorization>
</system.web>
I can get to it so is it something with the location option?
Thanks.

Allowing access to my Site.Css on my login form MVC

I need my css to show for my login page, but it's not showing at the moment. How would I go about allowing access to my login page with the css included? I'm using forms authentication, and my code block for my web.config file looks as such:
<authentication mode="Forms">
    <forms loginUrl="UserAccount/Login" defaultUrl="UserAccount/Index" timeout="60"></forms>
</authentication>
<authorization>
    <deny users="?"/>
    <allow users="*"/>
</authorization>
My site.css is in my /Content/Site.css path. How do I add it to allow access to this file to all users?
The <deny users="?"/> denies anonymous users from accessing the css file. (read here)
So you'll need to put the following into your <configuration> block within web.config:
<location path="Content">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>
You can read some more about this here.
I worked this out with the following steps:
IIS Manager
Authentication
Right Click Anonymous Authentication.
Switch to application pool identity
Stumbled across this, because I needed the same thing. Here is a solution:
<location path="Content">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
As is written here (I used the link from the previous answer), this will give the unauthenticated user access to all the files in the Content folder, and the css file is in this folder.
P.S. sorry guys, this is the same as the previous answer, just ignore this

Connection interrupted when using WebHttpBinding in Transport SecurityMode

I want to expose an implementation of a contract over a WebHttpBinding with SecurityMode: transport (SSL).
However, when I try to access the site via Firefox, I only get
The connection to localhost was interrupted while the page was loading.
The config file is as follows:
<configuration>
    <system.serviceModel>
        <services>
            <service name="MyService">
                <endpoint address="https://localhost"
                    binding="webHttpBinding"
                    contract="MyService"
                    bindingConfiguration="secureWebHttp">
                </endpoint>
            </service>
        </services>
        <bindings>
            <webHttpBinding>
                <binding name="secureWebHttp">
                    <security mode="Transport"/>
                </binding>
            </webHttpBinding>
        </bindings>
    </system.serviceModel>
</configuration>
If hosted within IIS, you need to configure the hosting website security to use an SSL certificate on port 443 in this case.
You also need to configure the service behavior to set the certificate name and store. Particularly when hosting the WCF service as a Windows service, the certificate needs to be set for the port that you want to use, for example with httpcfg.exe or netsh in Vista.
Check out MSDN Configuring HTTP and HTTPS