Modify x-frame-options in apache2

Question

I want to use an iframe in my localhost web server (wamp). This iframe loads a form from a remote web server.

I have access to the remote web server, it uses apache2 (https://help.ubuntu.com/lts/serverguide/httpd.html), and i modify its security.conf file and i load the module 'headers'.

I modify security.conf by this line (the ip is the ip of my local computer):
Header append X-Frame-Options "ALLOW-FROM http://localhost, http://172.18.48.120, 172.18.48.120"

But when i test the changes, always says the same:
Refused to display 'http://externalURL.net/form.php' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Any idea? Where's the problem?

Answer 1

Just for completeness:

Here are the lines to add to your apache2/conf-available/security.conf file to make your iframed content available in browsers supporting either or both X-Frame-Options and Content-Security-Policy header options (as stated on this survey site)

Header set X-Frame-Options: "ALLOW_FROM https://www.example.com"
Header set Content-Security-Policy: "frame-ancestors https://www.example.com"

Make sure that header module is enabled

a2enmod headers

restart apache

service apache2 restart

That's it !