X-frame-options allowfrom is deprecated

[Jaxom99]

Following last upgrade, OnlyOffice is not working anymore on my install (using a different subdomain). ynh4.2.6.1 on both servers, oo version 6.1.0~ynh2. Error message from the browser (both FF and Chromium) is : "Un en-tête X-Frame-Options non valide a été trouvé lors du chargement de « https://oo.domain.fr/onlyoffice/6.1.1-53/web-apps/apps/spreadsheeteditor/main/index.html?_dc=6.3.1-32&lang=fr&customer=ONLYOFFICE&frameEditorId=iframeEditor&parentOrigin=https://cloud.domain.fr » : « ALLOW-FROM https://cloud.domain.fr always » n’est pas une directive valide.index.html

I encountered this doc : https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/X-Frame-Options which mention only two options (sameorigin or deny) and points allowfrom as deprecated.

What can we do now ? :open_mouth: This old thread should be revived...

[Jaxom99]

Turns out it works (bug was with ~ynh1) but the error is still displayed in console. Should I worry for next upgrades ?