0

I am writing an angular app, an internal utility for the company.

In one of my pages I want to display another page from another internal project, using an iframe.

<iframe src="https://......at/certificates" class="full"></iframe>

While running it the browser shows me this error:

Refused to display 'https://....at/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Any idea?

Thanks

Dvora
  • 1,175
  • 1
  • 16
  • 26
  • If it's in the same Angular project, why are you using an iframe and not a component tag? – Chris Hamilton Jun 22 '22 at 15:17
  • What do you mean component tag? – Dvora Jun 22 '22 at 17:24
  • When you create a component in angular it has a selector - something like `app-my-component` you put that selector in html to create an instance of that component like `` – Chris Hamilton Jun 22 '22 at 21:28
  • No, sorry, I misled you. It's not the same angular ptoject. – Dvora Jun 23 '22 at 05:39
  • The X-Frame Options header is a security feature that disallows other websites from 'stealing' a website in an iframe. You would need to remove that header from whatever hosting service is serving the other project. – Chris Hamilton Jun 23 '22 at 17:12

1 Answers1

0

This should be done in the web server using the X-Frame-Options.

You should put the value "ALLOW-FROM domain" value to allow pages from your application to put the page in a iframe.

With Apache see this link

With IIS

More info about this parameter can be found here

Kemal AL GAZZAH
  • 967
  • 6
  • 15