Nothing will unset X-Frame-Options (Apache, PHP 5.3)

前端未结

关注

 4  2080

栀梦 2021-01-11 18:35

I\'m trying to implement an embeddable widget, functioning similar to a Twitter embedded tweet. The simplest solution, though maybe not the best, appears to be an iframe or

4条回答

予麋鹿 (楼主)

2021-01-11 19:26
Consider the following experiment:
```
Header always set X-Frame-Options "DENY"
Header unset X-Frame-Options
Header set set X-Frame-Options "TEST"
```
response headers:
```
X-Frame-Options "DENY"
X-Frame-Options "TEST"
```
Second experiment:
```
Header set X-Frame-Options "DENY"
Header unset X-Frame-Options
Header set set X-Frame-Options "TEST"
```
response headers:
```
X-Frame-Options "TEST"
```
Conclusion: the always option blocks the original value from being unset, however it doesn't block from adding a new value.
0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...