To make your Laravel app's page embeddable in an iframe, you need to ensure that the appropriate HTTP headers are set to allow embedding. By default, many web applications include headers that prevent embedding to protect against clickjacking attacks.
In Laravel, you can control these headers using middleware. Here's a step-by-step solution:
-
Create Middleware to Allow Embedding:
First, create a new middleware that will set the necessary headers to allow embedding.
php artisan make:middleware AllowIframe -
Modify the Middleware:
Open the newly created middleware file located at
app/Http/Middleware/AllowIframe.phpand modify it to set theX-Frame-Optionsheader toALLOWALL.<?php namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; class AllowIframe { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle(Request $request, Closure $next) { $response = $next($request); $response->headers->set('X-Frame-Options', 'ALLOWALL'); return $response; } } -
Register the Middleware:
Next, register the middleware in your
app/Http/Kernel.phpfile. You can add it to the$routeMiddlewarearray if you want to apply it to specific routes, or to the$middlewarearray if you want it to apply globally.protected $routeMiddleware = [ // Other middleware 'allowiframe' => \App\Http\Middleware\AllowIframe::class, ]; -
Apply the Middleware to Your Route:
Finally, apply the middleware to the route that serves the page you want to embed. For example, if your route is defined in
routes/web.php:Route::get('/api/embed/{id}', [YourController::class, 'yourMethod'])->middleware('allowiframe'); -
Verify the Headers:
Ensure that the headers are correctly set by checking the response headers in your browser's developer tools. You should see the
X-Frame-Optionsheader set toALLOWALL.
By following these steps, you should be able to embed your Laravel app's page in an iframe on other sites, including Notion.
