4

I am struggling with the X-Frame-Options. I have a HTML page and want to include (with an iframe) another HTML page. The first warning said:

Refused to display ../map.html in a frame because it set 'X-Frame-Options' to 'DENY'.

I tried this: 

Header append X-FRAME-OPTIONS "SAMEORIGIN"

as well as:

Header set X-FRAME-OPTIONS SAMEORIGIN

and this:

Header always append X-Frame-Options SAMEORIGIN

But then I also get this error:

Multiple 'X-Frame-Options' headers with conflicting values ('DENY, SAMEORIGIN') encountered when loading ../map.html. Falling back to 'DENY'.

I have searched trough all my files, but there is no .htaccess / httpd.conf file which contain the X-Frame Option DENY.

Cristian Ciupitu
  • 6,226
  • 2
  • 41
  • 55
Lonneke
  • 61
  • 1
  • 1
  • 4

2 Answers2

2

I found the default X-Frame Option 'DENY' in:

httpd-ssl.conf

I changed the 'DENY' in 'SAMEORIGIN', this was not the solution. Finally, I comment out the whole option. Now it is working.

Lonneke
  • 61
  • 1
  • 1
  • 4
-1

  1. Add below line in custom.conf

    Header set X-Frame-Options "SAMEORIGIN"

  2. Bounce Apache server

  3. Retest the issue.

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47
Vipul Megharaj
  • 1