Closed limist closed 8 years ago
I don't believe that Chrome has an equivalent header, and there's nothing I can do in Ring-Headers to implement a feature in Chrome, I'm afraid.
Any news?
Any news about what? I'm not tracking what features Chrome supports.
While ALLOW-FROM
directive got deprecated according to mdn, Chromium 121.0.6167.139 seems to obey it. Generally Content-Security-Policy
header's frame-ancestors
directive should be used instead nowadays.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#allow-from_origin
Thought to note as I ended up here from search.
As noted, the X-Frame-Options
:allow-from
is not fully supported by all browsers; most notably, Chrome does not support it. So is there a way to allow one's Clojure/Ring site to be served externally (different TLDomain website from one's own) using an iframe, in a way that's still secure against clickjacking while also working in Chrome please? Thanks in advance for any help!