My YunoHost server
Hardware: VPS bought online
YunoHost version: 11.0.10
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
Hope you’re doing well. I’m trying to have an iframe display an HTML file from a file served by my YunoHost server and I get an error because the X-FRAME-OPTIONS header is set to sameorigin. I can’t find where that header is defined in the nginx config file.
I tried just adding
Thanks a lot in advance
There is no reason you will be in doubt if the content policy is still set to same origin.
I am not an expert in nginx, I am struggling with it myself, but I am an expert in Apache, which I believe works on the same principle;
the main difference is that the syntax in nginx looks like JSON.
From a security point of view, setting the content policy to allow frame options of any kind other than the server origin is a very bad idea, which will expose you to hundreds of online penetration tools that will load your content through a proxy and from there to other scan abilities.
In general, content policy headers should always be checked with the browser developer tools.
I don’t know about Firefox, but in any Chromium-based browser you can press the F12 button,
navigate to “Network” > choose any element you like, and then it will show you the content policy of that specific element / page global.
Why are you using an iframe anyway, if I may ask?
Why don’t you use jQuery instead?
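The header check the reply describes doing in the browser's Network tab, as an added example that is not part of the original thread: a JavaScript function that takes a response's headers and reports whether a page on another origin could frame it. The function name `mayBeFramed` and the example.org/example.com origins are constructed for illustration, and `frame-ancestors` matching is limited to `'none'`, `'self'`, `*` and exact origins.

```javascript
// Added example (not from the thread): evaluate the two response headers that
// control framing. Assumption: only the direct parent is checked, and
// frame-ancestors sources are limited to 'none', 'self', * and exact origins.
function mayBeFramed(headers, resourceOrigin, parentOrigin) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sameOrigin = parentOrigin.toLowerCase() === resourceOrigin.toLowerCase();

  // 1. A CSP frame-ancestors directive, when present, takes precedence
  //    over X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const allowed = sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "'none'") return false;
      if (src === "*") return true;
      if (src === "'self'") return sameOrigin;
      return src === parentOrigin.toLowerCase();
    });
    return { allowed, decidedBy: "frame-ancestors" };
  }

  // 2. Otherwise fall back to X-Frame-Options.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN") return { allowed: sameOrigin, decidedBy: "x-frame-options" };

  // 3. No header, or a value this sketch does not recognise: nothing in
  //    this model restricts framing.
  return { allowed: true, decidedBy: "default" };
}

// Constructed sample: the situation from the question, a file served with
// SAMEORIGIN and embedded by a page on a different origin.
const sample = { "X-Frame-Options": "SAMEORIGIN" };
console.log(mayBeFramed(sample, "https://files.example.org", "https://www.example.com"));
```

A narrowly scoped `frame-ancestors` entry for the one embedding origin keeps every other site blocked, which is the tighter alternative to removing the header altogether.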
Uncaught DOMException: Blocked a frame with origin "https://www.MYDOMAIN.com" from accessing a cross-origin frame.
Thank you for pointing out other important headers. It’s going to be useful in the future.