Framing options
WorldServer restricts page framing in order to prevent potential clickjacking attacks. By default, the X-Frame-Options HTTP header is set to SAMEORIGIN, which means that WorldServer web pages can be included as frames only in top-level pages which have the same origin.
To configure trusted origins from which frames can originate, you need to add a configuration file called csp_frame_ancestors.properties to the main WS_CONFIG folder. Then, within the file, add trusted origins as part of key-value pairs (
ws_relative_url = origin_instance_url), where:
ws_relative_urlis a relative URL (such as /ws-legacy/viewer)origin_relative_urlincludes one or more trusted origins (such as http://myworldserverinstance.com:8080)