Prevent clickjacking - x-frame-options

Hi there! What’s the best way to prevent my WeWeb site from being iFramed? Seeing the general web best practice is setting header x-frame-options DENY but wondering if there’s a suggested way to do it with Weweb that won’t impact the editor.

Thanks!

1 Like

You get a lot more control at the server level when you self-host. A couple Statechange members have done that with weweb and we worked on both in office hours. The conversion makes them even more fans of the weweb editor for creation, and they get specific server-side controls associated with their hosting with a very small amount of work to “bridge” between the editor and the hosting environment.

In your case, you could inject the x-frame-options header as part of serving your content on the hosting environment (netlify, digital ocean, etc) which would affect your published site, but not the editor, achieving your goals of both developer experience and security in production.

5 Likes
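Once the header is injected at the hosting layer, the published site's response headers can be checked with something like the following. This is an added example, not code from the thread or from WeWeb; it goes beyond `X-Frame-Options` by also reading the CSP `frame-ancestors` directive, and the function name `framingProtection` and the sample headers are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Header sets passed in are whatever
// `curl -sI` shows for the published site; the samples at the end are constructed.
function framingProtection(headers) {
  // Header names are case-insensitive; collect values under lowercase names.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    h[key] = (h[key] || []).concat(value);
  }

  // 1. An enforced CSP with frame-ancestors takes precedence over
  //    X-Frame-Options in browsers that support it. The Report-Only header
  //    is never enforced, so it is deliberately not consulted.
  const levels = [];
  for (const policy of (h['content-security-policy'] || []).join(',').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      const src = sources.map((s) => s.toLowerCase());
      if (src.every((s) => s === "'none'")) levels.push('deny'); // empty list too
      else if (src.includes('*')) levels.push('none');
      else if (src.every((s) => s === "'self'")) levels.push('same-origin');
      else levels.push('allow-list');
      break; // only the first frame-ancestors directive in a policy is used
    }
  }

  // Every enforced policy must allow the embed, so the strictest one decides.
  const strictest = ['deny', 'same-origin', 'allow-list', 'none']
    .find((l) => levels.includes(l));
  if (strictest) return { level: strictest, source: 'csp' };

  // 2. Otherwise fall back to X-Frame-Options. Only DENY or SAMEORIGIN count;
  //    obsolete ALLOW-FROM or conflicting values are reported as invalid so
  //    the configuration gets fixed rather than relied on.
  const xfo = new Set((h['x-frame-options'] || []).join(',').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.size === 0) return { level: 'none', source: 'missing' };
  if (xfo.size === 1 && xfo.has('deny')) return { level: 'deny', source: 'xfo' };
  if (xfo.size === 1 && xfo.has('sameorigin')) return { level: 'same-origin', source: 'xfo' };
  return { level: 'invalid', source: 'xfo' };
}

// Constructed samples: what the thread asks for, and a response with no header.
console.log(framingProtection({ 'X-Frame-Options': 'DENY' }));
console.log(framingProtection({ 'Content-Type': 'text/html' }));
```

A result of `none` or `invalid` on the production URL means the hosting rule is not taking effect; the editor is unaffected because the header is only added where the published site is served.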

Appreciate this, @raydeck! I take it then that there’s no way for me to achieve my goal with a WeWeb hosted stack?

@Joyce if this is correct, seems like it could be a nice feature as a toggle-on for those of us that are looking to prevent iframing.

1 Like

Hi @clncsports 👋

That is indeed correct. Love your suggestion though! Just created a product ticket so the team can look into it.

2 Likes

Any update on preventing site from being iframed for security reasons?