I'm trying to set the ALLOWED-FROM in Nginx, but all the settings I have tried so far resulted in the following Chrome error: Invalid 'X-Frame-Options' header encountered when loading 'https://domain.com/#/register': 'ALLOW-FROM domain.com' is not a recognized directive. The header will be ignored.
The options I tried are these (I also tried with the FQDN with the https:// prefix):
add_header X-Frame-Options "Allow-From domain.com";
add_header X-Frame-Options "ALLOW-FROM domain.com";
add_header X-Frame-Options "ALLOW-FROM: domain.com";
add_header X-Frame-Options "Allow-From: domain.com";
add_header X-Frame-Options ALLOW-FROM "domain.com";
add_header X-Frame-Options ALLOW-FROM domain.com;
X-Frame-Options: DENY is a header that forbids a page from being displayed in a frame. If your server is configured to send this header, your sign-on screen will not be allowed to load within the embed codes provided by Credo, which use the iframe HTML element.
In Chrome and Safari you need to use Content-Security-Policy:
Content-Security-Policy: frame-ancestors domain.com
You can check more details on this site:
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives
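The ignored header from the question beside the Content-Security-Policy form from the answer, as an added Nginx example that is not part of the original posts. The server name, certificate paths, the /api/ location, the 'self' source and the https:// scheme on domain.com are assumptions for illustration.

```nginx
# Added example. Names and paths marked "placeholder" are assumptions.
server {
    listen 443 ssl;
    server_name app.example.test;                     # placeholder host
    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

    # Before: Chrome and Safari do not recognise ALLOW-FROM. They report the
    # console error quoted in the question and ignore the header, so this
    # line leaves the page with no framing restriction in those browsers.
    # add_header X-Frame-Options "ALLOW-FROM domain.com";

    # After: frame-ancestors lists the origins allowed to embed this page.
    # 'self' (assumption) also allows same-origin framing; drop it if unused.
    # "always" sends the header on error responses too (4xx/5xx), which
    # add_header skips by default.
    add_header Content-Security-Policy "frame-ancestors 'self' https://domain.com" always;

    location /api/ {                                  # placeholder location
        # add_header directives are inherited from the server level only
        # when the current level defines none of its own. This block sets
        # Cache-Control, so the policy has to be repeated here or responses
        # from /api/ go out without it.
        add_header Cache-Control "no-store" always;
        add_header Content-Security-Policy "frame-ancestors 'self' https://domain.com" always;
    }
}
```

After reloading Nginx, check the response headers of a page and of an error response to confirm the policy is present on both.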