Error: Invalid 'X-Frame-Options' header
While loafing into iframe, getting this error. It may be an issue if it stops working completely as this header directive is already obsolete.
According MDN documents, ALLOW-FROM uri is no more a part of X-Frame-Options header.
Also, In latest version of NodeBB, it is getting used and throwing error. We tried multiple patches/subversions of version 12 and 13. But no luck.
Please share if we have any solution or workaround for the same.
You need to set
allow-from-urito empty string so it uses
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
We will have to update the code since ALLOW-FROM seems to be deprecated.
@baris Thanks for adding this to the improvement list.
Please let me know if there is any update on the same.