Reputation: 86
Load denied by X-Frame-Options: does not permit cross-origin framing
I am using laravel 4 for one of my development where i am trying to load an iframe using cross origin call. But it throws an error like "Load denied by X-Frame-Options: does not permit cross-origin framing".
I am trying to set a headers like:
header('X-Frame-Options: ALLOW-FROM SAMEORIGIN');
header('X-Frame-Options: ALLOW-FROM GOFORIT');
But still i am getting the above issue. Please suggest if i am missing something.
Upvotes: 3
Views: 27052
Answers (1)
Reputation: 944294
When you use ALLOW-FROM you have to specify a URL, not an alternative value.
Using SAMEORIGIN explicitly blocks cross origin calls.
When using that or GOFORIT you have to specify that as the only value.
So you want:
header("X-Frame-Options: GOFORIT");
Note that GOFORIT is the default behaviour, so you will probably have to remove some other code that is denying access.
Note also that the X-Frame-Options header must grant permission from the page being displayed in the frame and not the page containing the <iframe> tag itself. You can't give yourself permission to put other sites in a frame.
Upvotes: 8
Related Questions
- No 'Access-Control-Allow-Origin' header - Laravel
- Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource not working
- Laravel 7 - No 'Access-Control-Allow-Origin' header is present on the requested resource
- CORS (Access-Control-Allow-Origin) on Laravel
- Laravel - cross domain request - barryvdh laravel-cors
- Laravel cors 'Access-Control-Allow-Origin' and 'Access-Control-Allow-Headers'
- How to fix 'Access-Control-Allow-Origin' issue in Laravel?
- CORS header ‘Access-Control-Allow-Origin’ missing Laravel 5.4
- Laravel 4 refuses to load iframe due to 'X-Frame-Options' to 'SAMEORIGIN'
- Angular/Laravel CORS issue : The Same Origin Policy disallows reading the remote resource