Laravel 拒绝在 iFrame 中显示为“'X-Frame-Options' to 'SAMEORIGIN'”。
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/41771125/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel refusing to display in iFrame as "'X-Frame-Options' to 'SAMEORIGIN'."
提问by littleswany
So I have built a form in Laravel and am hosting externally but I want to display this within a HTML page but am having issues with the X-Frame-Options.
所以我在 Laravel 中构建了一个表单并在外部托管,但我想在 HTML 页面中显示它,但在 X-Frame-Options 中遇到了问题。
The exact error message is:
确切的错误消息是:
Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I have seen on previous StackOverflow answers that this is due to FrameGuard Middleware but this has since been removed and the issue line of code is not in that file.
我在之前的 StackOverflow 答案中看到这是由于 FrameGuard 中间件造成的,但此后已被删除,并且问题代码行不在该文件中。
Laravel Version 5.3.
Laravel 5.3 版。
I have also tried to set the X-Frame-Options in the Nginx config file using the flooring with no result:
我还尝试使用地板在 Nginx 配置文件中设置 X-Frame-Options,但没有结果:
sed -i 's/http\ {/http\ {\nadd_header X-Frame-Options SAMEORIGIN, false;\n\n/' /etc/nginx/nginx.conf
This error is occurring in multiple browsers, tested: Chrome & Safari
此错误发生在多个浏览器中,已测试:Chrome 和 Safari
采纳答案by Joe
Set your header on the response from the frame to
将帧响应的标头设置为
X-Frame-Options: ALLOW-FROM https://example.com/
where example.com is the domain requesting the form.
其中 example.com 是请求表单的域。
You could use middleware in laravel to do this.
你可以在 laravel 中使用中间件来做到这一点。
Generate a new middleware.
生成一个新的中间件。
php artisan make:middleware FrameHeadersMiddleware
then in the handle function of the middleware you just created do something like:
然后在您刚刚创建的中间件的 handle 函数中执行以下操作:
namespace App\Http\Middleware;
use Closure;
public function handle($request, Closure $next)
{
$response = $next($request);
$response->header('X-Frame-Options', 'ALLOW FROM https://example.com/');
return $response;
}
You can then add this to one of the middleware arrays in Kernel.php
然后,您可以将其添加到 Kernel.php 中的中间件数组之一
protected $middleware = [
App\Http\Middleware\FrameHeadersMiddleware::class
];
Or to one of the middleware group arrays if you want to add it only to specific routes.
或者如果您只想将其添加到特定路由,则添加到中间件组数组之一。
回答by Daniel Camargo
In my case, nginxwas the one preventing the access.
就我而言,nginx是阻止访问的原因。
Run:
跑:
grep -ri "X-Frame-Options" /etc/nginx
And check the output:
并检查输出:
/etc/nginx/snippets/ssl-params.conf:add_header X-Frame-Options DENY;
After replacing DENYto SAMEORIGINeverything started working as expected.
将DENY替换为SAMEORIGIN 后,一切都按预期开始工作。
