One of my friends, working on a project, wanted to load another website in an iframe but kept getting an error similar to:
Load denied by X-Frame-Options: http://some-website.com/dashboard/home does not permit framing.
There is a meta tag for HTML that you can include which prevents embedding your site on other sites. For example, someone might embed this blog on their own site using an iframe. If I want anyone to be able to embed this site, I could use the meta tag below.
<meta http-equiv="X-Frame-Options" content="allow">
As explained by Mozilla:
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
X-Frame-Options can have three values - DENY, SAMEORIGIN, ALLOW-FROM uri. The values explain themselves very well.
To configure this on Apache, modify the configuration (httpd.conf) as below:
Header always append X-Frame-Options SAMEORIGIN
In case you do not have access to the httpd.conf file, you can also use .htaccess as below:
Header append X-FRAME-OPTIONS "SAMEORIGIN"
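Since X-Frame-Options is an HTTP response header, the way to confirm either change took effect is to look at the headers the server actually returns. The Python sketch below is an added example, not code from the original post: it classifies the X-Frame-Options value(s) in a raw response header block against the three values listed above. The function name classify_xfo and the sample responses are constructed for illustration.

```python
# Added example: classify X-Frame-Options in a raw HTTP response header block.
# classify_xfo and SAMPLES are constructed for illustration, not from the post.

def classify_xfo(raw_headers: str) -> str:
    """Return DENY, SAMEORIGIN, 'ALLOW-FROM <uri>', MISSING, INVALID or CONFLICT."""
    values = []
    for line in raw_headers.splitlines():
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        # Header names are case-insensitive: X-Frame-Options == X-FRAME-OPTIONS.
        if sep and name.strip().lower() == "x-frame-options":
            # Apache "Header append" merges onto an existing header with a
            # comma, so a single header line can carry several values.
            values += [v.strip() for v in value.split(",") if v.strip()]
    if not values:
        return "MISSING"
    verdicts = set()
    for v in values:
        parts = v.split(None, 1)
        keyword = parts[0].upper()
        if keyword in ("DENY", "SAMEORIGIN") and len(parts) == 1:
            verdicts.add(keyword)
        elif keyword == "ALLOW-FROM" and len(parts) == 2:
            verdicts.add("ALLOW-FROM " + parts[1])   # ALLOW-FROM needs a uri
        else:
            return "INVALID"            # not one of the three documented values
    # Repeats of the same value are harmless; differing values need review.
    return verdicts.pop() if len(verdicts) == 1 else "CONFLICT"

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "httpd.conf rule": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    ".htaccess rule": "HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n\r\n",
    "appended twice": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n",
    "app sent DENY, then append": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n",
    "allow-from": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com/\r\n\r\n",
    "no header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "unknown value": "HTTP/1.1 200 OK\r\nX-Frame-Options: BOGUS\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label:28} -> {classify_xfo(response)}")
```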
Well, that was fun :) We'll learn more about clickjacking in another post. Stay tuned.
Until next time.
Ref : https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options