Getting security warning even when X-Frame-Options: SAMEORIGIN added to subpage loaded in iframe
In our application we are opening a sub page in an iframe within the main page. Both pages are form the same Domain. Although we've added X-Frame-Options: SAMEORIGIN to the page loaded in the iframe, it still gives this error. Could you please suggest on how to solve this issues, what would I be missing?
Thanks in Advance! Shibu.
所有回复 (2)
Hi Shibu, does your server send any Content-Security-Policy headers? This overrrides X-Frame-Options if both are sent:
https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
Otherwise, perhaps there is a more subtle mismatch in the protocol, host name, or port.
You can also check this in the Network Monitor.