Friday 15 May 2015

node.js - Having "Invalid 'X-Frame-Options' header" even though I have set up "allow-from" header




In my Express app, running on dev.example.com, I have this line:

    // on own domain: dev.example.com on port 80
    server.use(helmet.xframe('allow-from', 'http://example.com'));
    ...
    server.get('/content', function(req, res) {
        ....
    });

And in the Express app running on example.com:9000, I have a page (index) with an iframe:

    <div>
        <iframe src="http://dev.example.com/content" width=10 height=10></iframe>
    </div>

However, when I go to example.com/ there is an error saying:

invalid 'x-frame-options' header encountered when loading 'http://dev.example.com/content': 'allow-from http://example.com' not recognized directive. header ignored.

I tried:

    server.use(helmet.xframe('sameorigin'));

or

    server.use(helmet.xframe('allow-from', 'http://example.com:9000'));

None of them work. Any ideas?

node.js express x-frame-options
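
Added example, not part of the original post: Chromium- and WebKit-based browsers do not implement the `ALLOW-FROM` directive of X-Frame-Options, which is what the console message reports, and the CSP `frame-ancestors` directive is the standard way to allow framing by one named origin. The function names below are hypothetical; the origins are the ones from the question.

```javascript
// Added example: plain Node.js (global URL), no Express or helmet needed.
// Origins come from the question; function names are hypothetical.

// Reduce a URL to its origin, rejecting anything that carries a path or
// query, since frame-ancestors is matched against the parent's origin only.
function toOrigin(value) {
  const u = new URL(value);
  if (!/^https?:$/.test(u.protocol) || u.pathname !== '/' || u.search || u.hash) {
    throw new Error('not a bare http(s) origin: ' + value);
  }
  return u.origin; // default ports are dropped: http://example.com:80 -> http://example.com
}

// Build the Content-Security-Policy value that replaces
// "X-Frame-Options: ALLOW-FROM ...". An empty list forbids all framing.
function frameAncestors(allowedParents) {
  const sources = allowedParents.map(toOrigin);
  return 'frame-ancestors ' + (sources.length ? sources.join(' ') : "'none'");
}

// Connect/Express-style middleware; it only needs res.setHeader().
function allowFramingBy(allowedParents) {
  const policy = frameAncestors(allowedParents);
  return function (req, res, next) {
    res.setHeader('Content-Security-Policy', policy);
    next();
  };
}

// Simplified check (exact origin comparison, no wildcards): is the page at
// parentUrl on the list? Scheme, host and port must all agree.
function listsParent(allowedParents, parentUrl) {
  const parent = new URL(parentUrl).origin;
  return allowedParents.map(toOrigin).includes(parent);
}

// Constructed run: the framing page from the question is served on port 9000.
const headers = {};
const fakeRes = { setHeader: (name, value) => { headers[name] = value; } };
allowFramingBy(['http://example.com:9000'])({}, fakeRes, () => {});
console.log(headers);
console.log(listsParent(['http://example.com'], 'http://example.com:9000/'));      // port 80 entry
console.log(listsParent(['http://example.com:9000'], 'http://example.com:9000/')); // exact origin
```

In an Express app the middleware would be registered with `server.use(allowFramingBy([...]))` before the `/content` route.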
