在Apache X框选项 [英] X-Frame-Options on apache

问题描述

我试图让一些特定的域通过iframe的访问我的网站

 头集合X帧选项允许-FROM https://www.that-site.com
 

我知道这可以通过添加上面Apache服务器的配置行来完成。

下面两个问题。

1），该配置文件应该被添加到？ Apache的UNIX和Windows上运行，如果不是同一个文件

2），同时使所有从，我还是希望能够从我自己的域名运行一些iframe中。我可以再补充以下行的允许，从后？

 头集合X帧选项SAMEORIGIN
 

或者我应该只需要添加自己的域名在全从，即

 头集合X帧选项允许-FROM https://www.that-site.com，http://www.my-own-domain.com
 

真的需要这个解决了。在此先感谢

解决方案

1. 您可以添加到.htaccess文件httpd.conf文件或


2. '头设置X框选项SAMEORIGIN这是最好的选择。

从URI允许不是所有的浏览器都支持。参考：<一href=\"https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options\">https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options

I am trying to allow some particular domain to access my site via iframe

Header set X-Frame-Options ALLOW-FROM https://www.that-site.com

I know this could be done by add the line above to the config of Apache server.

Two questions here.

1) which config file should be added to? The apache running on both Unix and windows, if not the same file

2) while enable the all-from, I still want to be able to run some iframe from my own domain. Can I just add the following line after the allow-from?

 Header set X-Frame-Options SAMEORIGIN

Or I should just add my own domain in the all-from, ie

 Header set X-Frame-Options ALLOW-FROM https://www.that-site.com, http://www.my-own-domain.com

Really need to get this solved out. Thanks in advance

解决方案

1. you can add to .htaccess file or httpd.conf
2. 'Header set X-Frame-Options SAMEORIGIN' this is the best option.

'Allow from uri' is not supported by all browsers. Ref: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options

这篇关于在Apache X框选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！