botpress / v12

Botpress OSS – v12
https://v12.botpress.com
GNU Affero General Public License v3.0

X-Frame-Options #1625

Closed dhspapa closed 2 years ago

dhspapa commented 2 years ago

Good evening, I have a problem in embedding Botpress. I have used Digital Ocean to host Botpress with a specific domain name. I am trying to embed it to a website. I used the embed documentation of Botpress but an error appears: "X-FRAME-OPTIONS SAMEORIGIN". I've tried to change the Botpress x-frame-option from sameorigin to allow-from my_botpress_site_url through Digital Ocean in the nginx.conf file but nothing happened. I also tried to delete the whole command (add_header X-FRAME-OPTION.. etc) to allow all access and again nothing happened and the same error appeared. Do I have to change the x-frame-option in my other website to allow Botpress to be embedded? Can you advise me or give me any recommendation? Thank you in advance.

EFF commented 2 years ago

Related to https://github.com/botpress/botpress/discussions/11273

daehli commented 2 years ago

Hello,

In your Nginx config, have you tried to add this header?

# Prevent displaying Botpress in an iframe (clickjacking protection)
add_header Content-Security-Policy "frame-ancestors *;";

Or replace this header

add_header X-Frame-Options SAMEORIGIN;

with this one

add_header Content-Security-Policy "frame-ancestors *;";

dhspapa commented 2 years ago

You mean inside Digital Ocean where botpress is hosted? Yes, I have tried but nothing happened..
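
The header combinations discussed in this thread can be checked against a simplified model of how current browsers decide whether a page may be framed; this is an added example, not part of the original thread or of Botpress. It shows why `ALLOW-FROM` has no effect on its own, why a second `X-Frame-Options` header still blocks, and that `frame-ancestors` can name the embedding site instead of `*`. The hostnames are constructed, the case of two `X-Frame-Options` headers arriving together is hypothetical, and only `*`, `'self'`, `'none'` and exact origins are matched.

```python
from urllib.parse import urlsplit

VALID_XFO = {"DENY", "SAMEORIGIN", "ALLOWALL"}

def origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def frame_ancestors(csp_value):
    """Source list of the frame-ancestors directive in one CSP header, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def source_allows(src, parent, own):
    # Simplification: '*', 'self', 'none' and exact origins only (no wildcard hosts).
    src = src.lower()
    if src == "*":
        return True
    if src == "'self'":
        return parent == own
    return src != "'none'" and origin(src) == parent

def may_embed(headers, page_url, parent_url):
    """headers: (name, value) pairs exactly as received, duplicates included."""
    own, parent = origin(page_url), origin(parent_url)
    lists = [frame_ancestors(v) for n, v in headers
             if n.lower() == "content-security-policy"]
    lists = [l for l in lists if l is not None]
    if lists:
        # With frame-ancestors present, X-Frame-Options is ignored and
        # every policy must allow the parent.
        ok = all(any(source_allows(s, parent, own) for s in l) for l in lists)
        return ok, "frame-ancestors"
    xfo = {t.strip().upper() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",") if t.strip()}
    if len(xfo) > 1 and xfo & VALID_XFO:
        return False, "conflicting X-Frame-Options values"
    if xfo == {"DENY"}:
        return False, "X-Frame-Options DENY"
    if xfo == {"SAMEORIGIN"}:
        return parent == own, "X-Frame-Options SAMEORIGIN"
    return True, "no enforceable framing header"

# Constructed sample origins, not taken from the thread.
BOT, SITE = "https://bot.example.com", "https://www.example.com"
```

Feed it the name/value pairs from the response actually served for the Botpress page (for example as shown in the browser's network panel) to see which header is deciding the outcome.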