Tuesday, 30 December 2025

X-Frame-Options header for iframe

<iframe
        src="https://google.com"
        width="600"
        height="300"
        title="Demo Iframe"
        frameborder="0"
> </iframe>

Google.com will not be displayed in the iframe. The browser shows "google.com refused to connect" and logs in its console that the page refused to be displayed in a frame. This happens because Google sends an X-Frame-Options response header, which tells the browser not to render the page inside a frame on another site (the defence against clickjacking).

The header has two supported values (a third, ALLOW-FROM uri, is obsolete and ignored by current browsers):

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN

To set it in Apache's httpd.conf (mod_headers must be loaded), use "Header always set" rather than "append": append merges with any value already present, which can produce "SAMEORIGIN, DENY", and browsers treat such conflicting values as a misconfiguration (Chromium falls back to deny). "always" makes the header go out on error responses (4xx/5xx) as well, which need the same protection. Use one of the two lines, not both:

Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Frame-Options "DENY"

With SAMEORIGIN the page may be framed only by documents from the same origin, meaning the same scheme, host and port, not merely the same domain. With DENY the page may not be framed by any document, including pages of the site itself.

To override this for one page in httpd.conf, so that pay.html can be used as the src of an iframe on other domains, unset the header for that path. The unset must also carry the "always" condition, because a header set with "always" lives in a separate table from the one a plain "Header unset" clears:

Header always set X-Frame-Options "SAMEORIGIN"

<Location /pay.html>
  # remove the SAMEORIGIN header for this page only
  Header always unset X-Frame-Options
</Location>

Be aware that dropping the header makes pay.html frameable by every site, not only the partner you had in mind, which is exactly the clickjacking exposure the header exists to prevent. X-Frame-Options has no supported way to allow a specific foreign origin, so to permit only chosen parents send a Content-Security-Policy header with a frame-ancestors directive for that page instead (for example "frame-ancestors 'self' https://partner.example"); browsers honour frame-ancestors in preference to X-Frame-Options.
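The following is an added example, not code from the original post: a small Python model of the decision a browser makes when it receives a page's response headers and has to decide whether to render it inside an iframe. It covers the cases above (no header, DENY, SAMEORIGIN) and goes beyond the post in two ways: a comma-joined value such as "SAMEORIGIN, DENY" (what Apache's "Header append" can produce) is treated as a conflict and denied, as Chromium does, and a Content-Security-Policy frame-ancestors directive, when present, is honoured instead of X-Frame-Options. All URLs, header values and host names below are constructed for the example.

```python
"""Model of a browser's framing decision from X-Frame-Options and CSP
frame-ancestors response headers. Added example; sample URLs are invented."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """(scheme, host, port) of a URL: the tuple SAMEORIGIN and 'self' compare."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))


def xfo_values(headers):
    """Every X-Frame-Options value, with comma-joined values split apart."""
    vals = []
    for name, value in headers:
        if name.lower() == "x-frame-options":
            vals += [v.strip().upper() for v in value.split(",") if v.strip()]
    return vals


def frame_ancestors_sources(headers):
    """Source list of the first CSP frame-ancestors directive, or None."""
    for name, value in headers:
        if name.lower() == "content-security-policy":
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    return [s.lower() for s in parts[1:]]
    return None


def source_matches(src, page_url, ancestor_url):
    """One frame-ancestors source expression against one ancestor origin.
    Handles 'none', 'self', '*', scheme sources (https:) and host sources
    with optional scheme, leading wildcard and port (https://*.example.com:8443)."""
    a_scheme, a_host, a_port = origin_of(ancestor_url)
    p_scheme = origin_of(page_url)[0]
    if src == "'none'":
        return False
    if src == "'self'":
        return origin_of(page_url) == (a_scheme, a_host, a_port)
    if src == "*":
        return True
    if src.endswith(":") and "://" not in src:  # scheme source, e.g. https:
        return a_scheme == src[:-1]
    if "://" in src:
        scheme, rest = src.split("://", 1)
        if a_scheme != scheme:
            return False
    else:  # no scheme given: the page's own scheme, or https when the page is http
        rest = src
        allowed = {p_scheme, "https"} if p_scheme == "http" else {p_scheme}
        if a_scheme not in allowed:
            return False
    host, _, port = rest.partition(":")
    if port == "":  # no port given: ancestor must use its scheme's default port
        if a_port != DEFAULT_PORTS.get(a_scheme):
            return False
    elif port != "*" and port != str(a_port):
        return False
    if host.startswith("*."):  # *.example.com matches subdomains, not example.com
        return a_host.endswith(host[1:])
    return a_host == host


def framing_allowed(headers, page_url, ancestor_urls):
    """headers: list of (name, value) from the framed page's response.
    ancestor_urls: every framing document up to the top-level page.
    Returns (allowed, reason)."""
    sources = frame_ancestors_sources(headers)
    if sources is not None:  # CSP frame-ancestors present: X-Frame-Options is ignored
        for a in ancestor_urls:
            if not any(source_matches(s, page_url, a) for s in sources):
                return False, "frame-ancestors %s rejects %s" % (" ".join(sources), a)
        return True, "frame-ancestors allows every ancestor"
    vals = xfo_values(headers)
    if not vals:
        return True, "no X-Frame-Options: frameable from any origin"
    if len(set(vals)) > 1:  # e.g. 'SAMEORIGIN, DENY' from Apache 'Header append'
        return False, "conflicting values %s: Chromium falls back to deny" % ", ".join(vals)
    if vals[0] == "DENY":
        return False, "DENY"
    if vals[0] == "SAMEORIGIN":
        page = origin_of(page_url)
        for a in ancestor_urls:  # current browsers check the whole ancestor chain
            if origin_of(a) != page:
                return False, "SAMEORIGIN: %s is cross-origin" % a
        return True, "SAMEORIGIN: all ancestors share the page's origin"
    return True, "unrecognised value %s is ignored (ALLOW-FROM is obsolete)" % vals[0]


if __name__ == "__main__":
    # Constructed scenario: pay.html served by shop.example, framed by a partner.
    page = "https://shop.example/pay.html"
    partner = ["https://checkout.partner.example/"]
    for label, hdrs in [
        ("SAMEORIGIN", [("X-Frame-Options", "SAMEORIGIN")]),
        ("header unset", []),
        ("append mistake", [("X-Frame-Options", "SAMEORIGIN, DENY")]),
        ("CSP allow-list", [("X-Frame-Options", "DENY"),
                            ("Content-Security-Policy",
                             "frame-ancestors 'self' https://*.partner.example")]),
    ]:
        print(label, framing_allowed(hdrs, page, partner))
```

Running the block prints the outcome for the pay.html scenario under each configuration; the CSP case shows how to admit one partner origin without dropping protection for everyone else.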
