X-Frame Options for Outlook Web Add-Ins

I am working on an add-on for an Outlook website and I'm not sure what value to set for the header X-Frame-Options: ALLOW-FROM. As far as I know, users can access Outlook through three different domains (office.com, office365.com and live.com). Does anyone know how I can determine which site is performing the request, so I can set the header correctly?

+4
1 answer

The add-in should be able to run in an iframe to work in Outlook Web, so the X-Frame-Options header should not be included at all. ALLOW-FROM cannot be used because the number of domains in the list is more than 3, and this list is growing - there are many cases when different users access Office365 and outlook.com using custom domains.

0
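One way to apply the answer without dropping the header site-wide, as an added example that is not part of the original question or answer: omit X-Frame-Options only on the add-in pages and keep it on everything else. The `/addin/` prefix, the `DENY` policy for other routes and all function names are assumptions for illustration.

```javascript
// Added example. ADDIN_PREFIX and the function names are hypothetical.
const ADDIN_PREFIX = "/addin/"; // assumed path that serves the add-in's pages

// Resolve dot segments first so "/addin/../admin" is not treated as an add-in page.
function normalisePath(rawPath) {
  return new URL("http://localhost" + rawPath).pathname;
}

// Framing-related headers for a request path.
function frameHeadersFor(rawPath) {
  if (normalisePath(rawPath).startsWith(ADDIN_PREFIX)) {
    return {}; // add-in pages: no X-Frame-Options, Outlook on the web must frame them
  }
  return { "X-Frame-Options": "DENY" }; // every other page stays unframeable
}

// Handler with the (req, res) shape Node's http.createServer expects.
function handler(req, res) {
  for (const [name, value] of Object.entries(frameHeadersFor(req.url))) {
    res.setHeader(name, value);
  }
  res.setHeader("Content-Type", "text/html; charset=utf-8");
  res.end("<!doctype html><title>demo</title>");
}

// Check a captured response: returns a finding string, or null when the
// headers match the policy above.
function auditResponse(rawPath, headers) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const xfo = lower["x-frame-options"];
  const isAddin = normalisePath(rawPath).startsWith(ADDIN_PREFIX);
  if (isAddin && xfo !== undefined) {
    return `add-in page sends X-Frame-Options: ${xfo}`;
  }
  if (!isAddin && xfo === undefined) {
    return "non-add-in page is missing X-Frame-Options";
  }
  return null;
}
```

`auditResponse` can be run over headers captured from a staging deployment to catch a reverse proxy or framework default that re-adds the header on add-in pages.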

Source: https://habr.com/ru/post/1692401/