X-Frame-Options SAMEORIGIN blocking iframe on my domain

SupFrig · Aug 29, 2012 · Viewed 80.1k times

I'm using http://www.jacklmoore.com/colorbox to display the content of a URL in a lightbox. After implementation, the colorbox didn't show anything.

Later, I noticed the following error in the Chrome logs:

Refused to display document because display forbidden by X-Frame-Options.

So, after reading up on it, I added the following line to the root .htaccess of the website:

Header always append X-Frame-Options SAMEORIGIN

to allow iframe embedding on my own domain.

But I still get the error. I'm a newbie to X-Frame, and I'm working on an existing application, so I thought the .htaccess solution would be nice, but can it be overridden by some code? Note that it's not in the server configuration.

Answer

bogatyrjov · Aug 30, 2012

Try sending another X-Frame-Options header. Add

<?php header('X-Frame-Options: GOFORIT'); ?>

to the top of your page. It should disable the SAMEORIGIN command.
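
An added example, not part of the original question or answer: a Python check that collects every X-Frame-Options value a response carries (repeated header lines and comma-separated lists, which is what an application-set value plus a `Header append` in .htaccess produces) and evaluates them with the rules of the current HTML Standard. It assumes no CSP `frame-ancestors` directive is present and that the browser follows those rules (browsers from 2012 differed in detail); the function names and sample responses are constructed for illustration.

```python
RECOGNISED = {"deny", "sameorigin", "allowall"}  # keywords the HTML Standard knows

def xfo_values(raw_headers):
    """Return the set of X-Frame-Options values in a raw header block.

    Repeated header lines and comma-separated lists are merged, so a value
    sent by the application and one added in .htaccess are judged together.
    """
    values = set()
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values.update(v.strip().lower() for v in value.split(",") if v.strip())
    return values

def framing_allowed(raw_headers, same_origin):
    """Return (allowed, reason) for a page loaded in a frame.

    same_origin: True when every ancestor frame shares the page's origin.
    """
    values = xfo_values(raw_headers)
    if not values:
        return True, "no X-Frame-Options header: framing unrestricted"
    if len(values) > 1:
        if values & RECOGNISED:
            return False, "conflicting values %s: blocked" % sorted(values)
        return True, "only unrecognised values: header ignored"
    (value,) = values
    if value == "deny":
        return False, "DENY: blocked for every parent"
    if value == "sameorigin":
        return same_origin, "SAMEORIGIN: allowed only for same-origin parents"
    return True, "value %r imposes no restriction" % value

# Constructed sample responses (not captured from the site in the question).
SAMPLES = {
    "htaccess only": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n",
    "app DENY + htaccess": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                           "X-Frame-Options: SAMEORIGIN\r\n",
    "appended list": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n",
    "invalid value": "HTTP/1.1 200 OK\r\nX-Frame-Options: GOFORIT\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", framing_allowed(raw, same_origin=True))
```

To apply it to a real page, pass in the header block printed by `curl -sI` for the framed URL; more than one value in the result means something besides .htaccess is also setting the header.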