search

totaljs / openplatform

OpenPlatform v5 is a beautiful and simple portal for running, integrating and managing multiple 3rd party web applications.
https://www.totaljs.com/openplatform/
MIT License
95 stars 45 forks source link

X-Frame-Options sameorigin #11

Closed HekMe closed 6 years ago

HekMe commented 6 years ago

Ahoy.

Any ideas how to bypass X-Frame-Options sameorigin, other than disabling it on destination server?

Thanks

petersirka commented 6 years ago

Hi @hektor157, you need to disable it on destination server... I think that this is the only way....

HekMe commented 6 years ago

As I thought.

Thanks for answer.

teutat3s commented 5 years ago

You could also replace the header completely with the more flexible CSP header frame-ancestors

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors