MPH

Reputation: 453

X-Frame-Options header is not a recognized directive

I have been using Nextcloud (on Nginx) for a while now and I want to iframe it for another website. However, the header does not accept my directives.

I changed the header option in /var/www/nextcloud/lib/private/legacy/response.php into the following:

header('X-Frame-Options: ALLOW-FROM https://example.com');

However, when I make an example webpage with an iframe it gives me the following error:

Invalid 'X-Frame-Options' header encountered when loading 'https://nextcloud.example.com/apps/files/': 'ALLOW-FROM https://example.com' is not a recognized directive. The header will be ignored.

Does anyone have an idea why this does not work?

Upvotes: 18

Views: 63746

Answers (2)

R. Oosterholt

Reputation: 8080

allow-from is 'obsolete'. You can use the Content-Security-Policy header instead:

header('Content-Security-Policy: frame-ancestors https://example.com');

Upvotes: 29

MPH

Reputation: 453

To come back to this post: unfortunately, I found the problem. Chrome does not support this option, therefore Chrome gives me the error that the iframe redirected me too many times.

However the option works on Firefox (More information here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).

Upvotes: 14
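The following is an added example, not code from either answer or from Nextcloud. It models how a browser that does not recognize ALLOW-FROM (as in the error message quoted in the question) decides whether a page may be framed, so a response's headers can be audited: an unrecognized X-Frame-Options value gives no framing protection at all, while frame-ancestors is enforced and takes precedence. Assumptions: only the immediate parent is checked, source matching is simplified, and the function names and the `other.example` origin are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)

def _source_matches(source, parent, page):
    """Simplified CSP source matching: no paths, no port wildcards."""
    s = source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return parent == page
    if s == "*":
        return parent[0] in DEFAULT_PORTS
    if s.endswith(":"):                      # scheme-source such as "https:"
        return parent[0] == s[:-1]
    if "://" not in s:                       # bare host: assume the page's scheme
        s = page[0] + "://" + s
    scheme, host, port = _origin(s)
    if host.startswith("*."):
        host_ok = parent[1].endswith(host[1:])
    else:
        host_ok = parent[1] == host
    return host_ok and parent[0] == scheme and parent[2] == port

def framing_allowed(headers, parent_url, page_url):
    """headers: list of (name, value) pairs. Returns (allowed, deciding_rule)."""
    parent, page = _origin(parent_url), _origin(page_url)
    policies = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                policies.append(parts[1:])
                break                        # first frame-ancestors in a policy wins
    if policies:                             # every policy must allow the parent
        ok = all(any(_source_matches(s, parent, page) for s in p) for p in policies)
        return ok, "frame-ancestors"
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    if not xfo:
        return True, "no framing policy"
    if xfo[0] == "DENY":
        return False, "X-Frame-Options"
    if xfo[0] == "SAMEORIGIN":
        return parent == page, "X-Frame-Options"
    return True, "X-Frame-Options ignored"   # e.g. ALLOW-FROM: unrecognized, no protection
```

Because every Content-Security-Policy header on a response is enforced, a second header carrying a stricter frame-ancestors still blocks the frame; the check above reflects that by requiring all policies to match.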
