Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
995 views
in Technique[技术] by (71.8m points)

cross browser - X-Frame-Options on apache

I am trying to allow some particular domain to access my site via iframe

Header set X-Frame-Options ALLOW-FROM https://www.that-site.com

I know this could be done by add the line above to the config of Apache server.

Two questions here.

1) which config file should be added to? The apache running on both Unix and windows, if not the same file

2) while enable the all-from, I still want to be able to run some iframe from my own domain. Can I just add the following line after the allow-from?

 Header set X-Frame-Options SAMEORIGIN

Or I should just add my own domain in the all-from, ie

 Header set X-Frame-Options ALLOW-FROM https://www.that-site.com, http://www.my-own-domain.com

Really need to get this solved out. Thanks in advance

question from:https://stackoverflow.com/questions/17092154/x-frame-options-on-apache

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
  1. You can add to .htaccess, httpd.conf or VirtualHost section
  2. Header set X-Frame-Options SAMEORIGIN this is the best option

Allow from URI is not supported by all browsers. Reference: X-Frame-Options on MDN


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...