How do I set X-Frame-Options response header with a value of allow-from using spring java config?
http.headers().disable()
.addHeaderWriter(new XFrameOptionsHeaderWriter(
new WhiteListedAllowFromStrategy(
Arrays.asList("https://example1.com", "https://example2.com"))));
In Http Response headers I get:
X-Frame-Options:"ALLOW-FROM DENY".
Why aren't my origins listed in the header value?
I ended up adding my headers statically like below:
http
.headers().frameOptions().disable()
.addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "ALLOW-FROM example1.com"));