Restrict Embedding of Publisher in iframes
You can prevent embedding of Publisher in iframes.
By default, users can embed Publisher in an iframe only if the iframe and Publisher are in the same domain.
If you want to allow embedding of Publisher in an iframe belonging to another domain or you want to completely restrict embedding of Publisher in an iframe, provide appropriate values for the X_FRAME_OPTIONS and FRAME_ANCESTORS properties in the xmlp-server-config.xml file.
Note:
If you set X_FRAME_OPTIONS toDeny and FRAME_ANCESTORS to none, you can’t access the user interface of Publisher from other products that can embed Publisher, including Oracle Analytics Server. If you specify the values for both X_FRAME_OPTIONS and FRAME_ANCESTORS, the value used depends on the browser. Make sure you provide similar values to X_FRAME_OPTIONS and FRAME_ANCESTORS to ensure consistent behavior across browsers.
                  X_FRAME_OPTIONS Values
| Value | Specifies | 
|---|---|
| False | Do not set the header option. | 
| Deny | Do not allow users to embed Publisher in iframes. | 
| SameOrigin  | Allow users to embed Publisher in iframes of the same domain. This is the default. | 
| Allow-From url  | Allow users to embed Publisher only from the domain specified in the url parameter. | 
FRAME_ANCESTORS Values
| Value | Specifies | 
|---|---|
| False | Do not set the header option. | 
| none | Do not allow users to embed Publisher in iframes. | 
| self | Allow users to embed Publisher in iframes of the same domain. This is the default. | 
| url | Allow users to embed Publisher only from the domain specified in the url parameter. The URL can be repeated and can be specified in more than one format. |