Documentation Home
⤤ Stallion Home
⤤ JavaDoc
Tutorials
Flat-file Website or Blog Javascript Web Application Java Web Application Publishing your site to a server
Reference Guide
Javascript and CSS Asset Bundling Models, Data Access, and Querying SQL Databases RESTful Endpoints Monitoring Templating Users and Authentication Settings and Configuration
Common Tasks
Sending Emails Asynchronous Tasks and Scheduled Tasks Recurring Jobs Fetching External Web Pages Caching Using Date and Time Simple Encryption and Decryption Sanitizing HTML Logging
Minor Features
CORS XSRF Protection Clickjacking Protection Redirects and Rewrites
Warning! This documentation is a work in progress. Expect things to be out of date and not actually work according to instructions.

Clickjacking Protection

To prevent clickjacking attacks, by default, Stallion adds the header “X-Frame-Options: SAMEORIGIN” to only allow iframes from the same domain.

You can override this globally in your stallion.toml file by adding a setting `xFrameOptions=“ALLOW-FROM https://example.com/

You can override this for a particular endpoint by manually setting the header using Context.response().addHeader().

© 2024 Stallion Software LLC