3 years ago

iframe and X-Frame-Options

Posted 3 years ago by nam_co

Hi, hope somebody can help me, Im trying to allow some pages to be included in a iframe in another site, example: Facebook, but I can't see to find a way , Im always getting

Multiple 'X-Frame-Options' headers with conflicting values ('*, SAMEORIGIN') encountered when loading 'some url'. Falling back to 'DENY'.

I tried 2 ways:

Using Middleware:

class FrameHeadersMiddleware
    public function handle($request, Closure $next)
        $response = $next($request);
        //$response->header('X-Frame-Options', 'ALLOWALL');
        //$response->header('X-Frame-Options', 'ALLOW FROM');
        $response->headers->set('X-Frame-Options', '*');
        return $response;

or maybe theres an easy way to put it directly in the controller:

return view('front.benefits')
    ->withHeaders('X-Frame-Options', 'ALLOWALL')
        ->with('somedata', $somedata);

Please, any one have manage to do this, Im using L5.4

Please sign in or create an account to participate in this conversation.