0

Is there any way to open different subdomain site in the iframe?

Ex. I'm on a.xyz.com and here is iframe pointing to b.xyz.com.

a.xyz.com

<body>
    <iframe src="http://b.xyz.com"></iframe>
</body>

b.xyz.com

<body>
    B subdomain iframe
</body>

As for now I'm getting cross-origin error.

Load denied by X-Frame-Options: b.xyz.com does not permit cross-origin framing.

Adam Gontarek
  • 21
  • 4
  • That isn't the default behaviour. You need to provide a [mcve] and **precisely quote** the error message. – Quentin Dec 13 '16 at 09:27
  • Duplicate: http://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe – Quentin Dec 13 '16 at 10:17
  • It's not the case to disable SAMEORIGIN at all. The site would be vurneable to clickjacking – Adam Gontarek Dec 13 '16 at 10:26
  • You've banned all other origins from loading the page but you want another origin to access it. You can't have it both ways. Maybe you should look at what the allowed values for X-Frame-Options are. – Quentin Dec 13 '16 at 10:29

0 Answers0