11:plugin-version: 2.0.0
22
3- == Grails X-Frame-Options Plugin
3+ = 🧩 Grails X-Frame-Options Plugin
4+
5+ https://central.sonatype.com/artifact/org.grails.plugins/x-frame-options[image:https://img.shields.io/maven-central/v/org.grails.plugins/x-frame-options[Maven
6+ Central]]
7+ https://github.com/grails-plugins/grails-x-frame-options-plugin/actions/workflows/ci.yml[image:https://github.com/grails-plugins/grails-x-frame-options-plugin/actions/workflows/ci.yml/badge.svg[CI]]
48
59Filter to set HTTP response header X-Frame-Options to defend against
610http://en.wikipedia.org/wiki/Clickjacking[ClickJacking].
@@ -9,13 +13,13 @@ More information about using X-Frame-Options for defending against clickjacking:
913
1014* https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Defending_with_X-Frame-Options_Response_Headers[OWASP - Defending with X-Frame-Options response headers]
1115
12- == Installation
16+ == 🚀 Installation
1317
14- These instructions are targeted towards Grails 7 installations. For older Grails versions refer to branch 1.x of the plugin.
18+ These instructions are targeted towards Grails 7 installations. For older Grails versions refer to branch ` 1.x` of the plugin.
1519
1620Add a dependency to `build.gradle`:
1721
18- [subs="attributes"]
22+ [source, groovy, subs="attributes"]
1923----
2024...
2125dependencies {
@@ -29,12 +33,13 @@ dependencies {
2933The default configuration installs a servlet filter for the URL pattern `/*` that adds a response
3034header `X-Frame-Options` with the value `DENY`.
3135
32- == Configuration
36+ == ⚙️ Configuration
3337
3438The plugin is configured through `grails-app/conf/application.yml`.
3539
3640We can limit the URL pattern the filter is applied to:
3741
42+ [source, yaml]
3843----
3944grails:
4045 plugin:
@@ -43,7 +48,7 @@ grails:
4348----
4449
4550We can also set multiple patterns:
46-
51+ [source, yaml]
4752----
4853grails:
4954 plugin:
@@ -55,7 +60,7 @@ grails:
5560
5661We can set different header values based on the configuration.
5762To set the header value `DENY` we must use the following configuration:
58-
63+ [source, yaml]
5964----
6065grails:
6166 plugin:
@@ -67,7 +72,7 @@ This is also the default value if no configuration is provided or no configurati
6772are set.
6873
6974To set the header value `SAMEORIGIN` we must use the following configuration:
70-
75+ [source, yaml]
7176----
7277grails:
7378 plugin:
@@ -76,7 +81,7 @@ grails:
7681----
7782
7883To set the header value `ALLOW-FROM` with a URL we must use the following configuration:
79-
84+ [source, yaml]
8085----
8186grails:
8287 plugin:
@@ -85,7 +90,7 @@ grails:
8590----
8691
8792To disable the filter we must use the following configuration option:
88-
93+ [source, yaml]
8994----
9095grails:
9196 plugin:
@@ -97,6 +102,8 @@ The filter is enabled by default and will use the `DENY` header value.
97102
98103== Changelog
99104
105+ For future changelogs see the GitHub https://github.com/grails-plugins/grails-x-frame-options-plugin/releases[releases] section.
106+
100107=== 2.0.0
101108- Grails 7.0.7
102109- Gradle 8.14.3
0 commit comments