Laravel拒绝在iFrame中显示为"SAMEORIGIN"的"X-Frame-Options". [英] Laravel refusing to display in iFrame as "'X-Frame-Options' to 'SAMEORIGIN'."

问题描述

因此，我在Laravel中构建了一个表单，并在外部托管，但是我想在HTML页面中显示该表单，但是X-Frame-Options出现了问题.

确切的错误消息是:

Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

我在以前的StackOverflow答案中已经看到，这是由于FrameGuard中间件引起的，但是此后已将其删除，并且代码发布行不在该文件中.

Laravel版本5.3.

我也试图使用地板在Nginx配置文件中设置X-Frame-Options，但没有结果:

sed -i 's/http\ {/http\ {\nadd_header X-Frame-Options SAMEORIGIN, false;\n\n/' /etc/nginx/nginx.conf

此错误发生在经过测试的多个浏览器中:Chrome& Safari

解决方案

将响应头设置为从框架到

X-Frame-Options: ALLOW-FROM https://example.com/

其中example.com是请求表单的域.

您可以在laravel中使用中间件来做到这一点.

生成新的中间件.

php artisan make:middleware FrameHeadersMiddleware

然后在您刚刚创建的中间件的handle函数中执行以下操作:

namespace App\Http\Middleware;
use Closure;

public function handle($request, Closure $next)
{
     $response = $next($request);
     $response->header('X-Frame-Options', 'ALLOW FROM https://example.com/');
     return $response;
 }

然后您可以将其添加到Kernel.php中的中间件数组之一

protected $middleware = [
    App\Http\Middleware\FrameHeadersMiddleware::class
];

或者如果只想将其添加到特定路由，则添加到中间件组数组之一.

So I have built a form in Laravel and am hosting externally but I want to display this within a HTML page but am having issues with the X-Frame-Options.

The exact error message is:

Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I have seen on previous StackOverflow answers that this is due to FrameGuard Middleware but this has since been removed and the issue line of code is not in that file.

Laravel Version 5.3.

I have also tried to set the X-Frame-Options in the Nginx config file using the flooring with no result:

sed -i 's/http\ {/http\ {\nadd_header X-Frame-Options SAMEORIGIN, false;\n\n/' /etc/nginx/nginx.conf

This error is occurring in multiple browsers, tested: Chrome & Safari

解决方案

Set your header on the response from the frame to

X-Frame-Options: ALLOW-FROM https://example.com/

where example.com is the domain requesting the form.

You could use middleware in laravel to do this.

Generate a new middleware.

php artisan make:middleware FrameHeadersMiddleware

then in the handle function of the middleware you just created do something like:

namespace App\Http\Middleware;
use Closure;

public function handle($request, Closure $next)
{
     $response = $next($request);
     $response->header('X-Frame-Options', 'ALLOW FROM https://example.com/');
     return $response;
 }

You can then add this to one of the middleware arrays in Kernel.php

protected $middleware = [
    App\Http\Middleware\FrameHeadersMiddleware::class
];

Or to one of the middleware group arrays if you want to add it only to specific routes.

这篇关于Laravel拒绝在iFrame中显示为"SAMEORIGIN"的"X-Frame-Options".的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！