node.js - Having "Invalid 'X-Frame-Options' header" even though I have set up the "allow-from" header
In an Express app running on dev.example.com, I have this line:
    // on own domain: dev.example.com on port 80
    server.use(helmet.xframe('allow-from', 'http://example.com'));
    ...
    server.get('/content', function(req, res) { .... });
And in an Express app running on example.com:9000, I have a page (index) with an iframe:
    <div>
      <iframe src="http://dev.example.com/content" width=10 height=10></iframe>
    </div>
However, when I go to example.com/ there is an error saying:
invalid 'x-frame-options' header encountered when loading 'http://dev.example.com/content': 'allow-from http://example.com' not recognized directive. header ignored.
I tried:
    server.use(helmet.xframe('sameorigin'));
or
    server.use(helmet.xframe('allow-from', 'http://example.com:9000'));
None of them work. Any idea?
node.js express x-frame-options
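Added example, not part of the original post and not helmet's own code: the error above shows the browser discarding `allow-from`, and `sameorigin` cannot apply because dev.example.com and example.com:9000 are different origins. The sketch below uses a different mechanism, the Content-Security-Policy `frame-ancestors` directive, to allow exactly one embedding origin; `frameAncestors`, `normalizeOrigin`, `headersFor` and `ALLOWED_PARENTS` are hypothetical names, and the allowed origin is the embedding page from the post.

```javascript
'use strict';
// Added example. frameAncestors, normalizeOrigin and ALLOWED_PARENTS are
// hypothetical names; the origin below is the embedding page from the post.
const ALLOWED_PARENTS = ['http://example.com:9000'];

// Accept only a bare http(s) origin (scheme://host[:port]) so a configuration
// value can never smuggle a path, credentials or extra directives into the header.
function normalizeOrigin(value) {
  const url = new URL(value); // throws TypeError on malformed input
  const bare = url.pathname === '/' && !url.search && !url.hash &&
               !url.username && !url.password;
  if (!/^https?:$/.test(url.protocol) || !bare || !/^[a-z0-9.-]+$/i.test(url.hostname)) {
    throw new Error('not a bare http(s) origin: ' + value);
  }
  return url.origin;
}

// Express-style middleware factory. An empty list means "nobody may frame this".
function frameAncestors(parents) {
  const origins = parents.map(normalizeOrigin);
  const policy = 'frame-ancestors ' + (origins.length ? origins.join(' ') : "'none'");
  return function (req, res, next) {
    // Note: this sets the whole CSP header; merge with any existing policy.
    res.setHeader('Content-Security-Policy', policy);
    // X-Frame-Options cannot name a foreign origin in a way every browser
    // honours, so it is only sent for the deny-all case.
    if (origins.length === 0) res.setHeader('X-Frame-Options', 'DENY');
    next();
  };
}

// Run the middleware against a stub response and return the headers it set.
function headersFor(parents) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  let continued = false;
  frameAncestors(parents)({}, res, () => { continued = true; });
  if (!continued) throw new Error('middleware did not call next()');
  return headers;
}

console.log(headersFor(ALLOWED_PARENTS));
```

In the post's setup this would be mounted on the dev.example.com app with `server.use(frameAncestors(ALLOWED_PARENTS))`, before the `/content` route.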