I am trying to use a site of mine as an iframe from a different site of mine.
My problem is that the other site constantly changes its IP address and does not have a domain name.
So, I read that you can allow a specific domain by adding this line to /etc/nginx/nginx.conf:
add_header X-Frame-Options "ALLOW-FROM https://subdomain.example.com/";
My question is: Is it possible to allow my site to be imported as an iframe from all IP addresses and domains? What should I write in order to achieve this?
I am using Ubuntu 16.04 and nginx 1.10.0.
X-Frame-Options: SAMEORIGIN - This means that the page can only be embedded in a frame on a page with the same origin as itself.
X-Frame-Options: ALLOW-FROM - The page can only be displayed in a frame on the specified origin. This only works in browsers that support this header.
X-Frame-Options allows content publishers to prevent their own content from being used in an invisible frame by attackers. The DENY option is the most secure, preventing any use of the current page in a frame. More commonly, SAMEORIGIN is used, as it does enable the use of frames, but limits them to the current domain.
If you set it, then you can only set it to DENY, SAMEORIGIN, or ALLOW-FROM (a specific origin).
Allowing all domains is the default. Don't set the X-Frame-Options header at all if you want that.
Note that the successor to X-Frame-Options — CSP's frame-ancestors directive — accepts a list of allowed origins so you can easily allow some origins instead of none, one or all.
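The frame-ancestors approach from the answer above, written out as an nginx server block. This is an added example, not part of the original answers; the server name, the second origin and the paths are placeholders, and only https://subdomain.example.com comes from the question.

```nginx
server {
    listen 80;
    server_name framed.example.org;   # placeholder: the site that gets embedded

    # Allow a fixed list of embedding origins. frame-ancestors takes a
    # space-separated source list; 'self' keeps same-origin framing working.
    # "always" attaches the header to error responses as well.
    add_header Content-Security-Policy "frame-ancestors 'self' https://subdomain.example.com https://other.example.net" always;

    # To allow framing from anywhere instead, send neither X-Frame-Options
    # nor a frame-ancestors directive: no restriction is the browser default.

    location / {
        # No add_header at this level, so the server-level header is inherited.
        root /var/www/html;
    }

    location /admin/ {
        # nginx inherits add_header from the enclosing level only when the
        # current level defines none. This location adds its own header, so
        # the framing policy has to be restated here or it is silently dropped.
        add_header Cache-Control "no-store" always;
        add_header Content-Security-Policy "frame-ancestors 'none'" always;
        root /var/www/html;
    }
}
```

After reloading nginx, `curl -I` against a path in each location shows whether the Content-Security-Policy header is actually present on that response.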
ALLOWALL is the default value.
Sometimes MVC frameworks such as Rails, Laravel, Django and so on set X_FRAME_OPTIONS to SAMEORIGIN, so someone might need to reset it to the original ALLOWALL value.