Wednesday, April 29, 2015

How to have different X-Frame-Options for different pages

I have added an X-Frame-Options header to my .htaccess to prevent issues with clickjacking.

<IfModule mod_headers.c>
    Header append X-Frame-Options "SAMEORIGIN"
</IfModule>

Now I am required to allow a certain route to be accessible via an iframe from outside domains. I'm using PHP and have tried overwriting the X-Frame-Options header via:

  header('X-Frame-Options: GOFORIT');

However, it appears that the X-Frame-Options header is not being overwritten but is instead being re-appended, as per the following browser error (Chrome):

Multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, SAMEORIGIN') encountered when loading ''. Falling back to 'DENY'.

How do you go about overwriting the X-Frame-Options for certain pages?
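
The conflict Chrome reports above can be checked for offline. The following is an added example, not part of the original question: it resolves the effective policy from a response's header list following the HTML Standard's X-Frame-Options processing (several differing values that include a recognized one block framing; a lone unrecognized value such as GOFORIT is ignored). The function name and the sample routes are assumptions.

```python
# Added example (not from the original post): resolve the X-Frame-Options
# policy a browser ends up with when a response carries several values.
RECOGNIZED = {"deny", "sameorigin", "allowall"}


def effective_xfo(raw_headers):
    """raw_headers: list of (name, value) pairs as sent on the wire.

    Returns (policy, reason); policy is "DENY", "SAMEORIGIN", or None when
    the header places no restriction on framing.
    """
    values = set()
    for name, value in raw_headers:
        if name.strip().lower() != "x-frame-options":
            continue
        # Repeated header lines and one comma-joined line are equivalent,
        # so both are split into the same set of lowercase tokens.
        for token in value.split(","):
            token = token.strip().lower()
            if token:
                values.add(token)

    if not values:
        return None, "header absent"
    if len(values) > 1:
        if values & RECOGNIZED:
            return "DENY", "conflicting values: " + ", ".join(sorted(values))
        return None, "only unrecognized values, header ignored"
    (value,) = values
    if value == "deny":
        return "DENY", "single value"
    if value == "sameorigin":
        return "SAMEORIGIN", "single value"
    return None, "'%s' does not restrict framing" % value


# Constructed sample responses; the route names are placeholders.
SAMPLES = {
    "/embed (PHP header + Apache append)": [("X-Frame-Options", "GOFORIT, SAMEORIGIN")],
    "/embed (two separate header lines)": [("X-Frame-Options", "GOFORIT"),
                                           ("x-frame-options", "SAMEORIGIN")],
    "/account (Apache only)": [("X-Frame-Options", "SAMEORIGIN")],
    "/embed (GOFORIT alone)": [("X-Frame-Options", "GOFORIT")],
}

if __name__ == "__main__":
    for route, headers in SAMPLES.items():
        print(route, "->", effective_xfo(headers))
```

Running it over captured response headers for each route shows which pages end up blocked from framing because of a duplicate header and which end up with no framing restriction at all.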

