1

I am building a chrome extension in which I am showing an iframe on a popup from the Gmail home page. As Gmail home page is in HTTPS , my iframe should also be in https. I configured apache2 by enabling mod_ssl and got HTTPS working on apache2. I made a native PHP page and tried to show that on the frame which is on Gmail page. I had no problems it was loading the page from localhost. But when I wanted to use a Laravel backend, it showed me error.

Refused to display 'https://localhost/laravel/laravel/public/index.php/chromelogin' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

Any Suggestions??

Dan Bowling
  • 1,205
  • 1
  • 15
  • 41
Prasanna Sundar
  • 1,650
  • 1
  • 11
  • 16
  • Check out this solution and see if it works - http://stackoverflow.com/questions/20498831/refused-to-display-in-a-frame-because-it-set-x-frame-options-to-sameorigin – CheckeredMichael Jun 06 '14 at 14:23

3 Answers3

7

Add following line in your bootstrap/start.php file:

$app->forgetMiddleware('Illuminate\Http\FrameGuard');
The Alpha
  • 143,660
  • 29
  • 287
  • 307
1

You can create a service provider and put this in the register() function

$this->app->forgetMiddleware('Illuminate\Http\FrameGuard');

This way you can put in logic if you don't want to disable it for your whole application.

Eric Seyden
  • 61
  • 4
1

This is removed since 4.2

Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.

-- Taylor Otwell

You can confirm this If you look at the source code or search your project folder so you can see that the class is still under Illuminate\Http\Middleware but the only reference to it is in vendor/laravel/framework/src/Illuminate/Foundation/Console/Optimize/config.php:

$basePath.'/vendor/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',
Community
  • 1
  • 1
totymedli
  • 29,531
  • 22
  • 131
  • 165