Jenkins 1.532.2 sets X-Frame-Options to sameorigin |https://github.com/cloudbees/hudson/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6]. While this prevents attacks via frame embedding, it also prevents any desirable embedding of Jenkins in a frame.
This should be configurable "somehow." Either via an extension point, or allowing PageDecorators to set the header property by changing the order of layout.jelly.
- is duplicated by
-
JENKINS-21842 Need a way to permit Jenkins to be visible in selected iframes
- Resolved
-
JENKINS-22168 Jenkins does not work inside HTML frame's anymore
- Resolved
- is related to
-
JENKINS-22430 XFrame Filter Plugin forgets settings upon Jenkins restart
- Resolved
- links to