3

I'm unable to load my test HTTPS site (with a self-signed certificate) into an iframe from 127.0.0.1/localhost/example.com.

In my Java Spring application I have added the following line:

.headers().frameOptions().disable().addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "ALLOW-FROM example.com"))

but I am still unable to load my application https://127.0.0.1:8443 into an IFRAME:

<html>
    <head>
    </head>
    <body>
        <iframe src="https://127.0.0.1:8443"></iframe>
    </body>
</html>

How do I allow loading of my application into an iframe?

alexanoid
  • Refer to the answer: http://stackoverflow.com/a/28649205/1533666 and my answer to understand the X-FRAME-OPTIONS – Venkat.R Jan 09 '16 at 01:16

1 Answer

4

You are using ALLOW-FROM but ALLOW-FROM is not supported in Chrome or Safari.

Refer: X-Frame-Options: ALLOW-FROM in firefox and chrome

How to disable?

How to disable 'X-Frame-Options' response header in Spring Security?

What is X-FRAME-OPTIONS?

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

How to deny site access from an iframe?

http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx

Venkat.R
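
An added example, not part of the original answer or of the Spring Security project's own code: because `ALLOW-FROM` is not honoured by Chrome or Safari, one way to allow-list a single embedding origin is the CSP `frame-ancestors` directive, sent with the same `StaticHeadersWriter` call the question uses. The class name, the `https://example.com` origin and the authorization rules are assumptions, and the code follows the `WebSecurityConfigurerAdapter` style implied by the question.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;

@Configuration
@EnableWebSecurity
public class FramingSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the single origin (scheme + host, plus port if non-default)
    // that is allowed to embed this application in an iframe.
    private static final String ALLOWED_PARENT = "https://example.com";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Assumption: placeholder access rules. Overriding configure()
            // replaces the defaults, so keep your application's real rules here.
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .headers()
                // Remove Spring Security's default "X-Frame-Options: DENY",
                // which would otherwise block every framing attempt.
                .frameOptions().disable()
                // Allow-list framing by this application itself and by the one
                // trusted parent. All other origins are refused by browsers
                // that implement CSP frame-ancestors.
                .addHeaderWriter(new StaticHeadersWriter(
                        "Content-Security-Policy",
                        "frame-ancestors 'self' " + ALLOWED_PARENT));
    }
}
```

The origin in `frame-ancestors` has to match the embedding page exactly, so a parent served from `127.0.0.1` or `localhost` during testing needs its own entry rather than relying on `example.com`.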