Fixing refused to display URL in a frame because it set X-Frame-Options to SAMEORIGIN – Jenkins

Posted on by Arpit Aggarwal

If you are trying to embed Jenkins page in another page then you might get following exception:

Refused to display http://localhost:8080/jenkins in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’

It’s refused because X-Frame-Options HTTP response header is set to SAMEORIGIN to avoid clickjacking attacks, by ensuring that content cannot embedded into other sites.

If you are facing the same problem as me then you can fix it restarting the Jenkins setting the system property -Djenkins.security.FrameOptionsPageDecorator.enabled as false from Jenkins 1.581, as follows:


java -Djenkins.security.FrameOptionsPageDecorator.enabled=false -jar jenkins.war

Along with setting the ALLOW-FROM uri in a page where you want to embed Jenkins page.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s