X-Frame-Options

J

ju.em.borges

New member

Joined

Mar 22, 2015

Messages

1

• Mar 22, 2015

• #1

Hi Friends,
How can I disable X-Frame-Options SAMEORIGIN for my domain?
I want to allow access to a specific domain.
Thank you!

 

soulshepard

Verified User

Joined

Feb 7, 2008

Messages

134

• Feb 9, 2017

• #2

did you find a solution? i am looking for the same.
you can set it in the default httpd config. but this is adding and we need to replace

 

soulshepard

Verified User

Joined

Feb 7, 2008

Messages

134

• Feb 9, 2017

• #3

for all who is also looking for it

source: https://forum.directadmin.com/archive/index.php/t-53501.html

solution:

Code:

|*if DOMAIN="customer.mccs.nl"|
Header set X-Frame-Options "ALLOW-FROM https://domain.com"
|*endif|

the solutions and difference was in the set command not add.

 

soulshepard

Verified User

Joined

Feb 7, 2008

Messages

134

• Jul 31, 2022

• #4

the the one that searches for this one, it seems allow-from is obsolete.
use this in stead:

Code:

|*if DOMAIN="remote.domain.nl"|
Header set Content-Security-Policy "frame-ancestors https://thelocalwebsitethatneedstheiframe.nl"
|*endif|