I want to add multiple domains/URL in Header set X-Frame-Options "ALLOW-FROM " (eg: Header set X-Frame-Options "ALLOW-FROM http://xyz, http://abc") in httpd.conf file . But I am unable to add 2 domains/URL as specified above. My requirement is the the X-Frame contents should be displayed only if the page is accessed from 2 different domains. So obviously I cannot give SAMEORGIN. Please specify any alternate solutions to add 2 domains/URL in X-Frame-Options.
Asked
Active
Viewed 5,777 times
0
-
the format of that header does not allow to define several domains in one go, and it is not recognized by some browsers. You should use Access-Control-Allow-Origin instead. – Daniel Ferradal Jul 31 '17 at 12:48
-
Possible duplicate of [X-Frame-Options Allow-From multiple domains](https://stackoverflow.com/questions/10205192/x-frame-options-allow-from-multiple-domains) – Michael May 31 '19 at 20:32
1 Answers
2
Add this to your apache configuration:
<IfModule mod_headers.c>
Header set Content-Security-Policy "frame-ancestors http://*.example.com/ 'self';"
# For IE 11 and below
Header set X-Frame-Options SAMEORIGIN
Header append X-Frame-Options "ALLOW-FROM http://example.com/" </IfModule>
theBell
- 393
- 4
- 17