由于“X-Frame-Options”到“SAMEORIGIN”,Laravel 4 拒绝加载 iframe
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24082504/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel 4 refuses to load iframe due to 'X-Frame-Options' to 'SAMEORIGIN'
提问by Prasanna Sundar
I am building a chrome extension in which I am showing an iframe on a popup from the Gmail home page. As Gmail home page is in HTTPS , my iframe should also be in https. I configured apache2 by enabling mod_ssl and got HTTPS working on apache2. I made a native PHP page and tried to show that on the frame which is on Gmail page. I had no problems it was loading the page from localhost. But when I wanted to use a Laravel backend, it showed me error.
我正在构建一个 chrome 扩展,其中我在 Gmail 主页的弹出窗口中显示 iframe。由于 Gmail 主页在 HTTPS 中,我的 iframe 也应该在 https 中。我通过启用 mod_ssl 配置了 apache2,并使 HTTPS 在 apache2 上运行。我制作了一个本机 PHP 页面并尝试在 Gmail 页面上的框架上显示它。我从本地主机加载页面没有问题。但是当我想使用 Laravel 后端时,它显示了错误。
Refused to display 'https://localhost/laravel/laravel/public/index.php/chromelogin' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Refused to display 'https://localhost/laravel/laravel/public/index.php/chromelogin' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Any Suggestions??
有什么建议??
回答by The Alpha
Add following line in your bootstrap/start.phpfile:
在您的bootstrap/start.php文件中添加以下行:
$app->forgetMiddleware('Illuminate\Http\FrameGuard');
回答by Eric Seyden
You can create a service provider and put this in the register() function
您可以创建一个服务提供者并将其放入 register() 函数中
$this->app->forgetMiddleware('Illuminate\Http\FrameGuard');
This way you can put in logic if you don't want to disable it for your whole application.
如果您不想为整个应用程序禁用它,您可以通过这种方式加入逻辑。
回答by totymedli
This is removed since 4.2
这从 4.2 开始被删除
Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.
在 4.2 中默认删除它。应该在后过滤器中 - 将离开 FrameGuard 类,以便人们可以根据需要手动添加中间件。
——泰勒·奥特威尔
You can confirm this If you look at the source code or search your project folder so you can see that the class is still under Illuminate\Http\Middlewarebut the only reference to it is in vendor/laravel/framework/src/Illuminate/Foundation/Console/Optimize/config.php:
如果您查看源代码或搜索您的项目文件夹,您可以确认这一点,以便您可以看到该类仍在下面,Illuminate\Http\Middleware但对它的唯一引用是vendor/laravel/framework/src/Illuminate/Foundation/Console/Optimize/config.php:
$basePath.'/vendor/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',
