Menu
Recently my complete site is called in iframe by two other domains. I would like to block other sites, who are trying to show my site in iframe.
How can i block that through .htaccess?
878
IFrames are also used to show pop-under ads and to set cookies on your computer that survive even after you clear cookies from your browser. To prevent misuses of iFrames, you can block them from websites using the security parameters for Internet Explorer or Firefox, and with a plugin for Google Chrome.
You cannot fix this from Power Apps Portal side. Most probably web site that you try to embed as an iframe doesn't allow to be embedded. You need to update X-Frame-Options on the website that you are trying to embed to allow your Power Apps Portal (if you have control over that website).
You can set the variable in the header X-Frame-Options: Deny.
All modern browsers support the X-Frame-Options header.
The Facebook uses this header to disable iframe/framesets (also Javascript).
If you have enabled the mod_headers in apache:
.htaccess
Header set X-Frame-Options DENY But, you can enable iframes come from the same origin.
Header always append X-Frame-Options SAMEORIGIN Or in Nginx:
add_header X-Frame-Options Deny; #or SAMEORIGIN Browser compatibility: Source
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
