I am trying to use some site of mine as an iframe
from a different site of mine.
My problem is- the other site is always consistently changes his IP address and does not have an domain name.
So, I read that you can allo a specific domain by adding this lint to the /etc/nginx/nginx.conf
:
add_header X-Frame-Options "ALLOW-FROM https://subdomain.example.com/";
My question is: It is possible to allow my site to be imported as an iframe from all IP addressed and domains? What should I write in order to achieve this?
I am using Ubuntu 16.04 and nginx 1.10.0.
If you set it, then you can only set it to DENY, SAMEORIGIN, or ALLOW-FROM (a specific origin).
Allowing all domains is the default. Don't set the X-Frame-Options
header at all if you want that.
Note that the successor to X-Frame-Options
— CSP's frame-ancestors
directive — accepts a list of allowed origins so you can easily allow some origins instead of none, one or all.