Saiku-config spring-security allow IFrame to load Saiku home

Recently, a requirement was presented: presenting Saiku in an IFRAME home

Oh, it's not easy.

Direct <iframe src= "Http://localhost:8080/saiku"/> set in not to be finished? I'm really a genius.

Result: Whining ... Error ...

Error hint: refused to display ' http://localhost:8080/saiku/' in a frame because it set ' x-frame-options ' to ' DENY '.

There is a property in the header "X-frame-options" is set to "DENY" by default

Well, find out where the problem, looking for a half-day to find Ah ...

Today, PM says it's because:

Spring-security default is set this "X-frame-options" property to deny, in the configuration file changes under configuration is good

< security:http >    < security:headers >        <  policy= "Sameorigin"/>    </security:headers  ></security:http>

Policy Value Description

Deny means that the page is not allowed to be displayed in a frame, even if it is nested within the same domain name's page.
Sameorigin indicates that the page can be displayed in a frame on the same domain Name page.
The Allow-from URI indicates that the page can be displayed in a frame of the specified source. In other words, if set to DENY, not only in other people's site frame embedding will not load, in the same domain Name page will also be unable to load. On the other hand, if set to Sameorigin, then the page can be nested in the frame with the Domain Name page.

In this way, sure enough ...

By the the-by, spring security actually buried the pit by default ... It's killing me.

Saiku-config spring-security allow IFrame to load Saiku home