News:

Wondering if this will always be free?  See why free is better.

Main Menu

Allow specific external site to load forum in iframe

Started by spiros, April 08, 2019, 10:12:39 AM

Previous topic - Next topic

spiros

How can I allow a specific external site to load the forum in an iframe?

spiros

I.e. add in index.php the second line?

header('X-Frame-Options: SAMEORIGIN');
header('X-Frame-Options: allow-from http://otherdomain.org/');

Arantor

The second line replaces the first (a header can only exist once) but not all browsers respect that setting, or didn't last I checked.

spiros

It did not work at all. Apparently "X-Frame-Options" has been replaced by "Content-Security-Policy":

https://content-security-policy.com/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

which allows multiple values. I am trying something like:

header('Content-Security-Policy "frame-ancestors *.magicsearch.org/ 'self'");

Or

header('Content-Security-Policy: frame-ancestors *.magicsearch.org/ *.translatum.gr/);

But they both result in HTTP ERROR 500.

Arantor

You have mismatched quotes, but typing quotes on iPad is hard right now...

Illori


header('Content-Security-Policy "frame-ancestors *.magicsearch.org/" self');

I believe the above code has the corrected quotes.

spiros

I tried the one below, and apparently it works in third site and self site (translatum). The only strange issue is that it does not load the iframe on third site using Chrome proper (and checking source it reads "your browser does not support iframes"), but it loads it in an incognito window.

header('Content-Security-Policy: frame-ancestors http://magicsearch.org https://www.translatum.gr');

Edit: found the culprit, it was the Privacy Badger extension

Advertisement: