I hope you can advise. I have a Java Spring web application. It renders jsps to the browser. I would now like to render the content of some of these jsps in iframes which can be embedded on other websites.
When I create a simple HTML page with an iFrame in it, the jsp content does not render due as, by default, my web application has "X-Frame-Options: SAMEORIGIN"
My ideal end result is that I store a list of websites on the server-side and the jsps each site is allowed serve in an iFrame.
I spent a long time searching for a guide on how to set up and configure this but so far I have had no joy. What I gather, is that I need to configure a ContentSecurityPolicyFilter filter. Is that correct? Is there a guide somewhere that shows how to achieve what I want using CSP's? Or, can you please point me in the right direction and let me know if I am on the right track?