
How to set the X-Frame-Options in content hosted by GitHub?

I want an HTML file to be loaded as an iframe by any URL; it's hosted by GitHub.

This solution doesn't work:

<?php
header('X-Frame-Options: GOFORIT'); 
?>

And I suppose that we can't apply this one (mod_headers), so is there a way to do that?

jeum asked Jun 09 '13 18:06




1 Answer

Support answer:

We block iframes to prevent clickjacking attacks against our users. We do this by sending the "X-Frame-Options: deny" header for every page. Clickjacking is a legitimate attack vector and at this time we do not have plans to remove the "X-Frame-Options: deny" header or allow exceptions for non-GitHub owned properties. It's unfortunate that such measures are necessary, but we have a responsibility to take all practical steps to protect our users.

jeum answered Oct 06 '22 18:10
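
How a browser turns the framing headers discussed above into an allow/block decision, as an added example that is not part of the original post or GitHub's code. It assumes simplified source matching (exact origin or `*` only); the function names and the `.example` origins are constructed for illustration.

```javascript
// Added example: approximates a browser's framing decision from response headers.
// Assumption: frame-ancestors sources are matched as exact origins or '*' only
// (no wildcard hosts, ports or paths). Function names are hypothetical.

function parseFrameAncestors(csp) {
  // Returns the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingAllowed(headers, embedderOrigin, resourceOrigin) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
    return ancestors.some((src) => {
      const s = src.toLowerCase();
      if (s === "'none'") return false;
      if (s === "'self'") return embedderOrigin === resourceOrigin;
      return s === '*' || s === embedderOrigin.toLowerCase();
    });
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === resourceOrigin;
  // Absent or unrecognised values (such as GOFORIT) are ignored by browsers,
  // so they only have an effect if the server sends them instead of DENY.
  return true;
}

// Constructed sample responses, viewed from a third-party embedding page.
const EMBEDDER = 'https://embedder.example';
const HOST = 'https://host.example';
console.log(framingAllowed({ 'X-Frame-Options': 'deny' }, EMBEDDER, HOST));    // false
console.log(framingAllowed({ 'X-Frame-Options': 'GOFORIT' }, EMBEDDER, HOST)); // true
```

The decision depends only on the headers the hosting server actually sends, which is why a header written inside the hosted file cannot override the platform's `deny`.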