php - How to have different x-frame-options for different pages -
i have added x-frame-option header .htaccess prevent issues click jacking.
<ifmodule mod_headers.c> header append x-frame-options "sameorigin" </ifmodule> now required allow route accessible via iframe outside domains. i'm using php , have tried overwriting x-frame-option header via:
header('x-frame-options: goforit'); however appears x-frame-option not being overwritten instead being re-appended per following browser error (chrome):
multiple 'x-frame-options' headers conflicting values ('goforit, sameorigin') encountered when loading 'https://foo.com/baz/1'. falling 'deny'. how go overwriting x-frame-options pages?
you can wrap these directives inside of <location> or <locationmatch>, directives, limit url's apply to.
also if intend overwrite header, use 'header set' instead of 'header append'.
Comments
Post a Comment