Open njoliat opened 6 years ago
(i found this old thread which seems like it's about the same issue; not sure if that's the case and/or whether anything has changed?)
Hi Nick. This does sound like the Safari issue we encountered. Unfortunately, we never found a completely satisfactory solution. However, that was over a year ago.
@pdpinch I'd imagine this has already been considered, but based on this page it does indeed seem like the X-Frame-Options field isn't supposed to be 'ALLOW', and maybe should be some kind of 'ALLOW-FROM' option instead. Do we know why this currently is showing up as 'ALLOW', and how it might be possible to change it?
hi, I have a project using pylti (based on mit_lti_flask_sample) which I've been testing in chrome and firefox. I recently tried it in safari and I get this error: "Invalid 'X-Frame-Options' header encountered when loading 'https://edge.edx.org/courses/course-v1:MITx+21m.030x+3T2017/xblock/block-v1:MITx+21m.030x+3T2017+type@lti_consumer+block@e3ab37cf7d6643a6a32edb9ea7783573/handler/lti_launch_handler': 'ALLOW' is not a recognized directive. The header will be ignored." has anyone had this kind of issue with LTI? thanks! Nick