OfficeJS Addin office-store validation fails only in office online

Question

I have a Manifest that points to home.html hosted in some web server. It also has X-Frame-Options as SAMEORIGIN. For security reasons I can't change this configuration. I believe due to this SAMEORIGIN configuration in word online addin fails to load. It works fine though in Windows and MAC native version of word. It is a taskpane addin. I don't have a requirement to support word online but seems to validate the addin it must work in word online also. Any suggestion how can I load home.html in word online when X-FRAME-OPTIONS is set to SAMEORIGIN.

Here is how I refer home.html in manifest.xml This server will always return x-frame-options: sameorigin with all responce header.

<Hosts>
    <Host Name="Document" />
</Hosts>
<DefaultSettings>
        <SourceLocation DefaultValue="https://<somedomain>.com//App/Home.html" />
</DefaultSettings>

Answer 1

It seems that your browser just respects X-Frame-Options: sameorigin header and saying I'm not going to load your Task pane iframe because it is not from the same domain as office online application. You can minimize your security risk by making exception for this rule in a web proxy (if you are using one or install and configure one) for requests coming from your office online domain.