mirror of
https://github.com/strapi/strapi.git
synced 2025-07-23 17:10:08 +00:00
28 lines
439 B
Markdown
28 lines
439 B
Markdown
|
---
|
||
|
|
title: X-Frame
|
||
|
|
---
|
||
|
|
|
||
|
|
Enables `X-Frame-Options` headers to help prevent Clickjacking.
|
||
|
|
|
||
|
|
## Configuration
|
||
|
|
|
||
|
|
Configuration:
|
||
|
|
|
||
|
|
- Key: `xframe`
|
||
|
|
- Environment: `development`
|
||
|
|
- Location: `./config/environments/development/security.json`
|
||
|
|
- Type: `string`
|
||
|
|
|
||
|
|
Example:
|
||
|
|
|
||
|
|
```js
|
||
|
|
{
|
||
|
|
"xframe": "SAMEORIGIN"
|
||
|
|
}
|
||
|
|
```
|
||
|
|
|
||
|
|
Notes:
|
||
|
|
|
||
|
|
- The string is the value for the header: `DENY`, `SAMEORIGIN` or `ALLOW-FROM`.
|
||
|
|
- Set to `false` to disable X-Frame-Options headers.
|