Outlook Web 加载项的 X 框架选项 [英] X-Frame-Options for Outlook Web Add-Ins

问题描述

我正在开发 Outlook Web 加载项，并且正在努力了解要为 X-Frame-Options: ALLOW-FROM 标头设置的值.据我所知，用户可以通过三个不同的域(office.com、office365.com 和 live.com).有谁知道我如何知道是哪个站点发出请求，以便我可以适当地设置标头?

I'm working on an Outlook Web Add-In and I'm struggling with knowing what value to set for the X-Frame-Options: ALLOW-FROM header. As far as I know, users may access Outlook via three different domains (office.com, office365.com and live.com). Does anyone know how I can tell which site is making the request, so I can set the header appropriately?

推荐答案

加载项需要能够在 iFrame 中运行才能在 Outlook Web 中运行，因此 X-Frame-Options 标头不应包含在全部.ALLOW-FROM 无法真正使用，因为要列出的域数量远远超过提到的 3 个，而且该列表还在不断增加 - 在很多情况下，不同用户使用自定义域访问 Office365 和 Outlook.com.

The add-in needs to be able to run in an iFrame in order to work in Outlook Web, thus X-Frame-Options header should not be included at all. ALLOW-FROM can't really be used because the number of domains to list is way more than 3 mentioned, and that list is growing – there are many cases where various users access Office365 and outlook.com using custom domains.

这篇关于Outlook Web 加载项的 X 框架选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！