Closed HekMe closed 6 years ago
Hi @hektor157, you need to disable it on destination server... I think that this is the only way....
As I thought.
Thanks for answer.
You could also replace the header completely with the more flexible CSP header frame-ancestors
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
Ahoy.
Any ideas how to bypass X-Frame-Options sameorigin, other than disabling it on destination server?
Thanks