X-Frame-Options: ALLOW-FROM in firefox and chrome

Question

I\'m implementing a \"pass-through\" for X-Frame-Options to let a partner site wrap my employer\'s site in an iframe, as per this article: http://blogs.msdn.com

Answer 1

I posted this question and never saw the feedback (which came in several months after, it seems :).

As Kinlan mentioned, ALLOW-FROM is not supported in all browsers as an X-Frame-Options value.

The solution was to branch based on browser type. For IE, ship X-Frame-Options. For everyone else, ship X-Content-Security-Policy.

Hope this helps, and sorry for taking so long to close the loop!