X-Frame-Options on apache

猫巷女王i 2020-12-13 06:23

I am trying to allow some particular domain to access my site via iframe

Header set X-Frame-Options ALLOW-FROM https://www.that-site.com

I

5 Answers
  •  爱一瞬间的悲伤
    2020-12-13 07:02

    What did it for me was the following. I've added the following directives in both the http and https virtual host blocks:

    ServerName your-app.com
    ServerAlias www.your-app.com
    
    Header always unset X-Frame-Options
    Header set X-Frame-Options "SAMEORIGIN"
    

    The reasoning behind this? Well, by default, if set, the server does not reset the X-Frame-Options header, so we need to first always remove the default value (in my case it was DENY), and then with the next rule we set it to the desired value, in my case SAMEORIGIN. Of course, you can use the Header set X-Frame-Options ALLOW-FROM ... rule as well.
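The header combinations discussed in this thread, run through a simplified model of how a current browser decides whether a response may be framed. This is an added example, not code from the question or the answer. It shows that a leftover DENY next to SAMEORIGIN blocks all framing, that ALLOW-FROM is ignored by current browsers and so protects nothing, and that a Content-Security-Policy `frame-ancestors` directive is what actually restricts framing to one named origin. Assumptions: the function name `may_frame`, a single parent frame, exact-origin matching only, and constructed header sets.

```python
# Added example: simplified model of a current browser's framing decision.
# Only one parent frame and exact-origin matching are modelled (assumption).
KNOWN_XFO = {"deny", "sameorigin", "allowall"}

def may_frame(headers, page_origin, parent_origin):
    """headers: (name, value) pairs as sent. Returns (allowed, reason)."""
    page, parent = page_origin.lower(), parent_origin.lower()
    decisions = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.lower().split()
            if parts and parts[0] == "frame-ancestors":
                sources = parts[1:]
                decisions.append("*" in sources or parent in sources
                                 or ("'self'" in sources and parent == page))
    if decisions:
        # frame-ancestors is present: X-Frame-Options is not consulted at all.
        return all(decisions), "frame-ancestors"

    values = {tok.strip().lower()
              for name, value in headers if name.lower() == "x-frame-options"
              for tok in value.split(",") if tok.strip()}
    if not values:
        return True, "no framing policy"
    if len(values) > 1:
        # e.g. a default DENY that was never unset plus a later SAMEORIGIN
        if values & KNOWN_XFO:
            return False, "conflicting X-Frame-Options"
        return True, "X-Frame-Options ignored"
    (only,) = values
    if only == "deny":
        return False, "X-Frame-Options DENY"
    if only == "sameorigin":
        return parent == page, "X-Frame-Options SAMEORIGIN"
    # ALLOW-FROM (obsolete) and unknown values fall through: no protection.
    return True, "X-Frame-Options ignored"

if __name__ == "__main__":
    site, partner = "https://your-app.com", "https://www.that-site.com"
    samples = [  # constructed header sets
        [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
        [("X-Frame-Options", "ALLOW-FROM https://www.that-site.com")],
        [("Content-Security-Policy",
          "frame-ancestors 'self' https://www.that-site.com")],
    ]
    for hs in samples:
        for parent in (site, partner, "https://other.example"):
            print(hs, parent, may_frame(hs, site, parent))
```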
