Invalid loading using X-Frame-Options: does not allow cross-contour cropping

Question

Invalid loading using X-Frame-Options: does not allow cross-contour cropping

I am using laravel 4 for one of my developments where I am trying to load an iframe using the cross origin call. But it throws an error, for example, "Load denied by X-Frame-Options: does not allow cross-origin framing."

I am trying to set headers such as:

header('X-Frame-Options: ALLOW-FROM SAMEORIGIN'); header('X-Frame-Options: ALLOW-FROM GOFORIT');

But still I get the above problem. Please suggest if I missed something.

+6

php cors laravel-4

Débasish nayak Sep 19 '14 at 12:14

source share

1 answer

Quentin · Answer 1 · 2014-09-19T12:22:06+0000

When you use ALLOW-FROM , you need to specify a URL, not an alternative value.

Using SAMEORIGIN explicitly blocks cross origin calls.

When using this or GOFORIT you must specify this as a single value.

So you want:

 header("X-Frame-Options: GOFORIT");

Please note that GOFORIT is the default behavior, so you may have to remove other code that denies access.

Note that the X-Frame-Options header should provide permission from the page displayed in the frame , and not from the page containing the <iframe> . You cannot give yourself permission to host other sites in the frame.

Invalid loading using X-Frame-Options: does not allow cross-contour cropping

More articles: