apache 上的 X-Frame-Options [英] X-Frame-Options on apache
问题描述
我正在尝试允许某些特定域通过 iframe 访问我的网站
Header set X-Frame-Options ALLOW-FROM https://www.that-site.com我知道这可以通过将上面的行添加到 Apache 服务器的配置中来完成.
这里有两个问题.
1) 应该添加到哪个配置文件中?在Unix和Windows上运行的apache,如果不是同一个文件
2) 在启用 all-from 的同时,我仍然希望能够从我自己的域运行一些 iframe.我可以在允许后添加以下行吗?
标题集 X-Frame-Options SAMEORIGIN或者我应该在 all-from 中添加我自己的域,即
标题集 X-Frame-Options ALLOW-FROM https://www.that-site.com, http://www.my-own-domain.com真的需要解决这个问题.提前致谢
- 您可以添加到
.htaccess、httpd.conf或VirtualHost部分 Header set X-Frame-Options SAMEORIGIN这是最好的选择
Allow from URI 并非所有浏览器都支持.参考:MDN 上的 X-Frame-Options
I am trying to allow some particular domain to access my site via iframe
Header set X-Frame-Options ALLOW-FROM https://www.that-site.com
I know this could be done by add the line above to the config of Apache server.
Two questions here.
1) which config file should be added to? The apache running on both Unix and windows, if not the same file
2) while enable the all-from, I still want to be able to run some iframe from my own domain. Can I just add the following line after the allow-from?
Header set X-Frame-Options SAMEORIGIN
Or I should just add my own domain in the all-from, ie
Header set X-Frame-Options ALLOW-FROM https://www.that-site.com, http://www.my-own-domain.com
Really need to get this solved out. Thanks in advance
- You can add to
.htaccess,httpd.conforVirtualHostsection Header set X-Frame-Options SAMEORIGINthis is the best option
Allow from URI is not supported by all browsers. Reference: X-Frame-Options on MDN
这篇关于apache 上的 X-Frame-Options的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
