Hello All,

How to add  X-Frame-Options and X-XSS-Protection headers to web application?


Thanks in advance

Prajakta

Hi Prajakta,

Use HttpRequestHandler for adding any tag or resource to your header.

Regards,

Pankaj


Hi,

If its just for one screen you can use the method from HttpRequestHandler extensionifits for all the screens in module then go through the post below and use FactoryConfiguration forge component

https://www.outsystems.com/forums/discussion/44851/how-to-add-custom-response-headers-manipule-web-config-for-cases-like-cors/.

Regard.

Solution

Prajakta Roshankhede wrote:

Hello All,

How to add  X-Frame-Options and X-XSS-Protection headers to web application?


Thanks in advance

Prajakta


Hi,


Please use Factory component and follow the given step to implement mentioned headers,


1. Go to Shared tab


2. Add custom header

3.  Go to Espace Tab and associate that custom header to the desired application.


<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
    <xsl:template match="@*|node()">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
        </xsl:copy>
    </xsl:template>
    <xsl:template match="/configuration/system.webServer/httpProtocol/customHeaders">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
            <add name="X-Frame-Options" value="SAMEORIGIN" />
            <add name="X-XSS-Protection" value="1; mode=block" />
        </xsl:copy>
    </xsl:template>
</xsl:stylesheet>

I am using this so you can implement.

Solution

JitendraYadav wrote:

Prajakta Roshankhede wrote:

Hello All,

How to add  X-Frame-Options and X-XSS-Protection headers to web application?


Thanks in advance

Prajakta


Hi,


Please use Factory component and follow the given step to implement mentioned headers,


1. Go to Shared tab


2. Add custom header

3.  Go to Espace Tab and associate that custom header to the desired application.


<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
    <xsl:template match="@*|node()">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
        </xsl:copy>
    </xsl:template>
    <xsl:template match="/configuration/system.webServer/httpProtocol/customHeaders">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
            <add name="X-Frame-Options" value="SAMEORIGIN" />
            <add name="X-XSS-Protection" value="1; mode=block" />
        </xsl:copy>
    </xsl:template>
</xsl:stylesheet>

I am using this so you can implement.


Thank you so much !

Thanks enjoy OS coding!