Hardcoded X-Frame-Options: Deny preventing open source use

Description

We have found that releases of H2O flow after v3.18 have hardcoded a response header which is preventing the notebook from displaying in an iframe. The specific response header is:

line 195 of:
https://github.com/h2oai/h2o-3/blob/master/h2o-core/src/main/java/water/server/ServletUtils.java

Denying all requests to display H2O flow in an iframe hurts the open source nature of this product and hampers adoption. Having the option to set this to SAMEORIGIN would fix this for a lot of users. We would like to avoid brittle workarounds such as nginx configuration changes to accommodate use of the product.

Assignee

Michal Kurka

Fix versions

Reporter

Christopher Wellington

Support ticket URL

None

Labels

None

Affected Spark version

None

Customer Request Type

None

Task progress

None

CustomerVisible

No

Affects versions

Priority

Major
Configure