GitHub user krishna-pandey opened a pull request:
https://github.com/apache/zeppelin/pull/2482
[ZEPPELIN-2765] Configurable X-FRAME-OPTIONS for Zeppelin
### What is this PR for?
The X-Frame-Options HTTP response header can be used to indicate whether or
not a browser should be allowed to render a page in a <frame> or <iframe>.
Sites can use this to avoid Clickjacking attacks, by ensuring that their
content is not embedded into other sites. Set the X-Frame-Options header for
all responses containing HTML content. The possible values are "DENY",
"SAMEORIGIN", or "ALLOW-FROM uri"
### What type of PR is it?
[Bug Fix | Improvement ]
### What is the Jira issue?
* [ZEPPELIN-2765](https://issues.apache.org/jira/browse/ZEPPELIN-2765)
### How should this be tested?
The application (Zeppelin) loads in iframe. Put below code in a html file
and open in browser:
<iframe src="<http_proto>://<zeppelin_host:<zeppelin_port>/#/" width="100%"
height="600"></iframe>
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/krishna-pandey/zeppelin ZEPPELIN-2765
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2482.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2482
----
commit 518f1a4a213614d038b4fd554614afe8ec2c8c20
Author: krishna-pandey <krish.pande...@gmail.com>
Date: 2017-07-11T12:09:37Z
Configurable X-FRAME-OPTIONS for Zeppelin
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
