php X-Frame-Options 拒绝加载:不允许跨域成帧
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25933700/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Load denied by X-Frame-Options: does not permit cross-origin framing
提问by Débasish Nayak
I am using laravel 4 for one of my development where i am trying to load an iframe using cross origin call. But it throws an error like "Load denied by X-Frame-Options: does not permit cross-origin framing".
我正在使用 laravel 4 作为我的开发之一,我试图使用跨源调用加载 iframe。但它会引发类似“X-Frame-Options 拒绝加载:不允许跨域框架”之类的错误。
I am trying to set a headers like:
我正在尝试设置一个标题,如:
header('X-Frame-Options: ALLOW-FROM SAMEORIGIN');
header('X-Frame-Options: ALLOW-FROM GOFORIT');
But still i am getting the above issue. Please suggest if i am missing something.
但我仍然遇到上述问题。请建议我是否遗漏了什么。
回答by Quentin
When you use ALLOW-FROMyou have to specify a URL, not an alternative value.
使用ALLOW-FROM时必须指定 URL,而不是替代值。
Using SAMEORIGINexplicitly blocks cross origin calls.
使用SAMEORIGIN显式阻止跨源调用。
When using that or GOFORITyou have to specify that as the only value.
使用时,或者GOFORIT您必须将其指定为唯一值。
So you want:
所以你要:
header("X-Frame-Options: GOFORIT");
Note that GOFORITis the defaultbehaviour, so you will probably have to remove some other code that is denying access.
请注意,这GOFORIT是默认行为,因此您可能必须删除一些其他拒绝访问的代码。
Note also that the X-Frame-Optionsheader must grant permission from the page being displayed in the frameand not the page containing the <iframe>tag itself. You can't give yourself permission to put other sites in a frame.
另请注意,X-Frame-Options标题必须授予框架中显示的页面的权限,而不是包含<iframe>标签本身的页面。您不能允许自己将其他站点放入框架中。
