Invalid X-Frame options
-
Great plugin, functionality works really well. However I am coming across a small x-frame issue on my server. The console within the Chrome browser inspector tells me that there is no proper header for x-frame that your plugin requires.
So I tried to set up an explicit directive ALLOW-FROM https://facebook.com and it did not recognise it (I think Chrome just ignores this directive). Also tried a directive for same-origin but that got rejected. In the end I just opened up the x-frame options with “Allow”. However, I don’t really think this is a good idea to prevent cross-scripting attacks – I think it leaves me wide open. Here is the code I put within my .htaccess file:
# Fix console error for FB Messenger plugin <IfModule mod_headers.c> Header set X-Frame-Options Allow Header always append X-Frame-Options SAMEORIGIN** </IfModule>Stackoverflow resources:
https://stackoverflow.com/questions/17092154/x-frame-options-on-apache?fbclid=IwAR0xdmBS9PrYO-BDb7jBXLzgm0FPhXuwaj92OKPS5ZmRH3uzMhPkl8zsjgo
https://stackoverflow.com/questions/20611893/can-somebody-please-help-me-to-avoid-internal-server-error-htaccess-apache2cWhat does the plugin author recommend to solve this browser error? Or if any other users came across it, what did you do?
The page I need help with: [log in to see the link]
- The topic ‘Invalid X-Frame options’ is closed to new replies.
