克服“X-Frame-Options禁止显示” [英] Overcoming "Display forbidden by X-Frame-Options"
问题描述
我正在编写一个小网页,其目的是构建其他几个页面,只需将它们合并到一个浏览器窗口中以便于查看。我试图框架的一些页面禁止被框架并抛出拒绝显示文档,因为X-Frame-Options禁止显示。 Chrome中的错误。我理解这是一个安全限制(有充分理由),并且无权更改它。
I'm writing a tiny webpage whose purpose is to frame a few other pages, simply to consolidate them into a single browser window for ease of viewing. A few of the pages I'm trying to frame forbid being framed and throw a "Refused to display document because display forbidden by X-Frame-Options." error in Chrome. I understand that this is a security limitation (for good reason), and don't have access to change it.
是否有任何替代框架或非框架方法在单个窗口中显示不会被X-Frame-Options标题绊倒的页面?
Is there any alternative framing or non-framing method to display pages within a single window that won't get tripped up by the X-Frame-Options header?
推荐答案
我有一个类似的问题,我试图在iframe中显示来自我们自己网站的内容(作为带有 Colorbox的灯箱式对话框),我们在源服务器上有一个服务器范围的X-Frame-Options SAMEORIGIN标头,阻止它在我们的测试服务器上加载。
I had a similar issue, where I was trying to display content from our own site in an iframe (as a lightbox-style dialog with Colorbox), and where we had an server-wide "X-Frame-Options SAMEORIGIN" header on the source server preventing it from loading on our test server.
这个似乎没有在任何地方记录,但如果您可以编辑您尝试iframe的页面(例如,它们是您自己的页面),只需发送另一个X-Frame-Options标头,任何字符串都会禁用SAMEORIGIN或DENY命令。
This doesn't seem to be documented anywhere, but if you can edit the pages you're trying to iframe (eg., they're your own pages), simply sending another X-Frame-Options header with any string at all disables the SAMEORIGIN or DENY commands.
例如。 for PHP,put
eg. for PHP, putting
<?php
header('X-Frame-Options: GOFORIT');
?>
会使浏览器合并两者,从而产生
at the top of your page will make browsers combine the two, which results in a header of
X-Frame-Options SAMEORIGIN, GOFORIT
...并允许您在iframe中加载页面。当初始SAMEORIGIN命令设置在服务器级别时,这似乎有效,并且您希望在逐页的情况下覆盖它。
...and allows you to load the page in an iframe. This seems to work when the initial SAMEORIGIN command was set at a server level, and you'd like to override it on a page-by-page case.
所有最好!
这篇关于克服“X-Frame-Options禁止显示”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
