Overcoming “Display forbidden by X-Frame-Options”

后端 未结 26 2276
梦谈多话
梦谈多话 2020-11-21 06:31

I\'m writing a tiny webpage whose purpose is to frame a few other pages, simply to consolidate them into a single browser window for ease of viewing. A few of the pages I\'

26条回答
  •  情话喂你
    2020-11-21 07:22

    I had a similar issue, where I was trying to display content from our own site in an iframe (as a lightbox-style dialog with Colorbox), and where we had an server-wide "X-Frame-Options SAMEORIGIN" header on the source server preventing it from loading on our test server.

    This doesn't seem to be documented anywhere, but if you can edit the pages you're trying to iframe (eg., they're your own pages), simply sending another X-Frame-Options header with any string at all disables the SAMEORIGIN or DENY commands.

    eg. for PHP, putting

    
    

    at the top of your page will make browsers combine the two, which results in a header of

    X-Frame-Options SAMEORIGIN, GOFORIT
    

    ...and allows you to load the page in an iframe. This seems to work when the initial SAMEORIGIN command was set at a server level, and you'd like to override it on a page-by-page case.

    All the best!

提交回复
热议问题