✨ Allow 'X-Frame-Options: SAMEORIGIN' in helm chart #4703

Closed
df-just opened this issue Jul 15, 2024 · 5 comments

df-just commented Jul 15, 2024

Describe the feature request.

Create a helm chart for apps deployed on Common Platform that allows for X-Frame-Options to be set to SAMEORIGIN. (Raised from AP Support ticket)

Describe the context.

We're currently developing a proof of concept application, deployed on Cloud Platform, which uses Streamlit as its framework. Recently we've added some custom components to the app. Whilst they work when testing locally, they do not display when deployed.

The issue is being caused by the components embedding iframes into the app to render their output which is being denied by the settings for 'X-Frame-Options'. I've raised a ticket with Cloud Platform support who've confirmed that switching to 'SAMEORIGIN' fixes the issue and that the setting is originating from this helm chart.

It's also been established that other services deployed on Cloud Platform already have this setting enabled, so it should hopefully comply with security protocols.

Value / Purpose

Will allow more freedom and versatility when integrating custom components and visualisations into deployed apps.

Timelines

We're aiming to start some user testing before the end of August so if it could be implemented before then it'd save us having to rework the app to use more basic, less user-friendly features.

User Types

Developers, End users


df-just commented Aug 12, 2024

Hi, are there any rough timeframes for when this might get looked into?

@darren1988

@df-just - We will take this ticket into our next refinement to size the work and look at when we can get this scheduled in. Our next refinement will be at the end of this month as we are going into a 2-week firebreak, starting tomorrow.

@darren1988

To be discussed at the next refinement

@jacobwoffenden jacobwoffenden moved this from 👀 TODO to 🚀 In Progress in Analytical Platform Aug 21, 2024
@jacobwoffenden jacobwoffenden self-assigned this Aug 21, 2024
@jacobwoffenden jacobwoffenden moved this from 🚀 In Progress to 🛂 In Review in Analytical Platform Aug 21, 2024
@github-project-automation github-project-automation bot moved this from 🛂 In Review to 🎉 Done in Analytical Platform Aug 21, 2024

jacobwoffenden commented Aug 21, 2024

Hi @df-just

This has been added to the last release of the webapp-cp chart; you will need to add the following to your deployment:

--set Ingress.Headers.SameOrigin="true"

Cheers


df-just commented Aug 21, 2024

Great, cheers Jacob
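
The framing behaviour discussed in this thread, as an added example that is not part of the issue or the webapp-cp chart: a simplified JavaScript model of the browser's X-Frame-Options check, showing why a DENY value blocks an app's own component iframes while SAMEORIGIN permits them and still refuses framing by another origin. The hostnames and paths are constructed, and CSP frame-ancestors (which takes precedence when present) is not modelled.

```javascript
// Added example: simplified model of the browser's X-Frame-Options check.
// Hostnames and paths are constructed; CSP frame-ancestors is not modelled.
const RECOGNISED = ["deny", "allowall", "sameorigin"];

// Headers may repeat or carry comma-separated values; collect distinct tokens.
function parseXfo(headerValues) {
  const tokens = new Set();
  for (const value of headerValues) {
    for (const part of value.split(",")) {
      const token = part.trim().toLowerCase();
      if (token) tokens.add(token);
    }
  }
  return [...tokens];
}

// ancestorUrls: every document above the frame, nearest parent first.
// Returns true when the framed document would be rendered.
function framingAllowed(headerValues, ancestorUrls, framedUrl) {
  const tokens = parseXfo(headerValues);
  if (tokens.length > 1) {
    // Conflicting recognised values fail closed; all-invalid values are ignored.
    return !tokens.some((t) => RECOGNISED.includes(t));
  }
  if (tokens[0] === "deny") return false;
  if (tokens[0] === "sameorigin") {
    const target = new URL(framedUrl).origin;
    return ancestorUrls.every((u) => new URL(u).origin === target);
  }
  return true; // header absent, or an unrecognised value such as ALLOW-FROM
}

const APP = "https://app.example.test/"; // constructed
const COMPONENT = "https://app.example.test/component/chart/index.html"; // constructed
const OTHER = "https://other.example.test/"; // constructed

function scenarios() {
  return {
    denyOwnComponent: framingAllowed(["DENY"], [APP], COMPONENT),
    sameOriginComponent: framingAllowed(["SAMEORIGIN"], [APP], COMPONENT),
    framedByOtherSite: framingAllowed(["SAMEORIGIN"], [OTHER], APP),
    nestedUnderOtherSite: framingAllowed(["SAMEORIGIN"], [APP, OTHER], COMPONENT),
    conflictingHeaders: framingAllowed(["SAMEORIGIN", "DENY"], [APP], COMPONENT),
  };
}

console.log(scenarios());
```

The `nestedUnderOtherSite` case shows that SAMEORIGIN is checked against every ancestor, so a same-origin component is still blocked when the app itself is framed by another site.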
