ring-clojure / ring-headers

Ring middleware for common response headers

X-Frame-Options Allow-from and Chrome #6

Closed limist closed 8 years ago

limist commented 8 years ago

As noted, the X-Frame-Options :allow-from is not fully supported by all browsers; most notably, Chrome does not support it. So is there a way to allow one's Clojure/Ring site to be served externally (different TLDomain website from one's own) using an iframe, in a way that's still secure against clickjacking while also working in Chrome please? Thanks in advance for any help!

weavejester commented 8 years ago

I don't believe that Chrome has an equivalent header, and there's nothing I can do in Ring-Headers to implement a feature in Chrome, I'm afraid.

daonsh commented 6 years ago

Any news?

weavejester commented 6 years ago

Any news about what? I'm not tracking what features Chrome supports.

jasalt commented 1 month ago

While the ALLOW-FROM directive got deprecated according to MDN, Chromium 121.0.6167.139 seems to obey it. Generally, the Content-Security-Policy header's frame-ancestors directive should be used instead nowadays.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#allow-from_origin

Thought I'd note this, as I ended up here from a search.
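As an added example of the frame-ancestors approach described above (this is not ring-headers' own code): a small Ring middleware that emits a Content-Security-Policy frame-ancestors directive for an allow-list of embedding origins, which is the standards-based replacement for X-Frame-Options ALLOW-FROM. The origin list and the handler are constructed placeholders.

```clojure
(ns example.frame-ancestors
  (:require [clojure.string :as str]))

;; Constructed allow-list of third-party origins permitted to frame this site.
;; These are placeholder values, not anything from the ring-headers project.
(def allowed-embedders
  ["https://partner.example.com" "https://dashboard.example.org"])

(defn frame-ancestors-value
  "Build the frame-ancestors directive from a sequence of origins.
   An empty sequence yields 'none', which forbids framing entirely, the
   same effect as X-Frame-Options: DENY. With origins present the site
   may frame itself ('self') plus each listed origin; unlike ALLOW-FROM,
   the directive accepts more than one origin."
  [origins]
  (if (empty? origins)
    "frame-ancestors 'none'"
    (str "frame-ancestors 'self' " (str/join " " origins))))

(defn wrap-frame-ancestors
  "Ring middleware that restricts which origins may embed the response.
   If the handler already set a Content-Security-Policy, the directive is
   appended with a ';' separator so existing policy is preserved."
  [handler origins]
  (fn [request]
    (let [response  (handler request)
          directive (frame-ancestors-value origins)
          existing  (get-in response [:headers "Content-Security-Policy"])]
      (assoc-in response [:headers "Content-Security-Policy"]
                (if (str/blank? existing)
                  directive
                  (str existing "; " directive))))))

;; Placeholder handler standing in for the application being embedded.
(defn handler [_request]
  {:status  200
   :headers {"Content-Type" "text/html"}
   :body    "<h1>embeddable page</h1>"})

(def app (wrap-frame-ancestors handler allowed-embedders))

(comment
  ;; Evaluate in a REPL to inspect the resulting response map and headers.
  (app {:request-method :get :uri "/"}))
```

Browsers that honour frame-ancestors ignore X-Frame-Options when both are present, so the directive can be deployed alongside an existing `DENY`/`SAMEORIGIN` header for older clients.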