0

one of our client was loading our web application in there website by an iframe. Few days back we applied X-Frame-Options Deny to our Application which somehow stopped loading our application in there website. Due to some reasons we can't change X-Frame-Options Deny, so is there any alternative , client can load our web application. Tried with Html Object but didn't worked for me.

Thanks, Abhinav

Abhinav Parashar
  • 619
  • 4
  • 11
  • 27
  • you could allow from their domain only: `X-Frame-Options ALLOW-FROM=http://www.example.com` - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options – Pete Sep 25 '18 at 08:33
  • I can't change X-Frame-Options Deny, m bound not to change it – Abhinav Parashar Sep 25 '18 at 08:37
  • 2
    well then you'll have to either write an api for them to consume or enter a world of pain with cors and ajax - but that would be even less secure than the iframe allowed by one domain – Pete Sep 25 '18 at 08:39
  • Can you help me out where i can get info that using it with with cors and ajax is Less secure – Abhinav Parashar Sep 25 '18 at 08:42
  • https://stackoverflow.com/questions/25236746/which-is-more-secure-iframe-or-cors-for-creating-a-widget-intended-for-embed – Pete Sep 25 '18 at 08:43

0 Answers0