Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. Bug Reports
  4. Error: Invalid 'X-Frame-Options' header

Error: Invalid 'X-Frame-Options' header

Scheduled Pinned Locked Moved Bug Reports
error
4 Posts 2 Posters 1.9k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T Offline
    T Offline
    tomar
    wrote on last edited by
    #1

    Invalid 'X-Frame-Options' header encountered when loading 'https://domain.com:4567/': 'ALLOW-FROM https://domain.com/' is not a recognized directive. The header will be ignored.

    While loafing into iframe, getting this error. It may be an issue if it stops working completely as this header directive is already obsolete.

    According MDN documents, ALLOW-FROM uri is no more a part of X-Frame-Options header.
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

    Also, In latest version of NodeBB, it is getting used and throwing error. We tried multiple patches/subversions of version 12 and 13. But no luck.

    Please share if we have any solution or workaround for the same.

    1 Reply Last reply
    1
    • barisB Offline
      barisB Offline
      <baris> NodeBB
      wrote on last edited by baris
      #2

      You need to set allow-from-uri to empty string so it uses SAMEORIGIN.

      'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',

      We will have to update the code since ALLOW-FROM seems to be deprecated.

      https://github.com/NodeBB/NodeBB/issues/8432

      1 Reply Last reply
      1
      • T Offline
        T Offline
        tomar
        wrote on last edited by
        #3

        @baris Thanks for adding this to the improvement list.

        Please let me know if there is any update on the same.

        Thanks

        barisB 1 Reply Last reply
        0
        • barisB Offline
          barisB Offline
          <baris> NodeBB
          replied to tomar on last edited by
          #4

          @tomar https://github.com/NodeBB/NodeBB/commit/46ab2711d49db6a98502a62fc2fe39387b107603

          1 Reply Last reply
          0

          Copyright © 2024 NodeBB | Contributors
          • Login
          • Don't have an account? Register
          • Login or register to search.
          Powered by NodeBB Contributors
          • First post
            Last post
          0
          • Home
          • Categories
          • Recent
          • Popular
          • World
          • Top
          • Tags
          • Users
          • Groups
          • Documentation
            • Home
            • Read API
            • Write API
            • Plugin Development