I want to embed in another website a mashup as iframe.
I have done the configuration like explained in the help :
In the filter "ClickjackFilterWhiteList", I have added domain : http://aa.bb.fr
But it's not working...
With Postman, when I do a get on my url:
I can see the headers:
Content-Security-Policy : frame-src http://aa.bb.fr
Content-Security-Policy : frame-ancestors http://aa.bb.fr
X-Frame-Options : ALLOW-FROM http://aa.bb.fr
So, I guess my config in web.xml is ok.
In the browser, when I enter my url :
The page load but is redirect to url :
I can see in the console that CSP (content-security-policy) are not set here. Just the default :
Did you get a chance to check the article previously provided? If if helped to solve your issue, please mark the appropriate response as the Accepted Solution for the benefit of others with the same issue.