Warning! This documentation is a work in progress. Expect things to be out of date and not actually work according to instructions.
Clickjacking Protection
To prevent clickjacking attacks, Stallion by default adds the header “X-Frame-Options: SAMEORIGIN”, so a page can be embedded in an iframe only by pages from the same origin.
You can override this globally in your stallion.toml file by adding a setting such as `xFrameOptions="ALLOW-FROM https://example.com/"`.
You can override this for a particular endpoint by manually setting the header using Context.response().addHeader().
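To check what an endpoint actually sends after a global or per-endpoint override, the following added example (not part of Stallion or its documentation) classifies a response's anti-framing headers. It goes beyond the page by also reading the Content-Security-Policy `frame-ancestors` directive, and it flags ALLOW-FROM, which current browsers ignore. The function name `framing_policy` and the sample responses are constructed for illustration.

```python
def framing_policy(headers):
    """Classify the anti-framing headers of one HTTP response.

    headers: dict of header name -> value (names are matched case-insensitively).
    Returns (verdict, reason); verdict is "protected", "weak" or "unprotected".
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}

    # Where a browser supports CSP frame-ancestors, it is enforced and
    # X-Frame-Options is ignored, so look at the CSP header first.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = parts[1:]
            if "*" in sources:
                return ("unprotected", "frame-ancestors allows any origin")
            # An empty source list is equivalent to 'none'.
            return ("protected", "frame-ancestors " + (" ".join(sources) or "'none'"))

    xfo = h.get("x-frame-options")
    if xfo is None:
        return ("unprotected", "no X-Frame-Options or frame-ancestors")
    value = xfo.upper()
    if value in ("DENY", "SAMEORIGIN"):
        return ("protected", "X-Frame-Options " + value)
    if value.startswith("ALLOW-FROM"):
        # Obsolete directive: current browsers discard the whole header,
        # which leaves the page frameable from any origin.
        return ("weak", "ALLOW-FROM is obsolete; current browsers ignore the header")
    return ("unprotected", "unrecognised X-Frame-Options value: " + xfo)


# Constructed sample responses modelled on the settings described above.
SAMPLES = {
    "default": {"X-Frame-Options": "SAMEORIGIN"},
    "global override": {"X-Frame-Options": "ALLOW-FROM https://example.com/"},
    "override plus CSP": {
        "X-Frame-Options": "ALLOW-FROM https://example.com/",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors https://example.com",
    },
    "header removed": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, "->", framing_policy(sample))
```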
© 2024 Stallion Software LLC