Error: Invalid 'X-Frame-Options' header



  • Invalid 'X-Frame-Options' header encountered when loading 'https://domain.com:4567/': 'ALLOW-FROM https://domain.com/' is not a recognized directive. The header will be ignored.

    While loading into an iframe, we are getting this error. It may be an issue if it stops working completely, as this header directive is already obsolete.

    According to the MDN documents, ALLOW-FROM uri is no longer a part of the X-Frame-Options header.

    Also, in the latest version of NodeBB, it is still being used and throwing the error. We tried multiple patches/subversions of versions 12 and 13, but no luck.

    Please share if we have any solution or workaround for the same.


  • Admin Staff

    You need to set allow-from-uri to an empty string so it uses SAMEORIGIN.

    'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
    

    We will have to update the code since ALLOW-FROM seems to be deprecated.

    https://github.com/NodeBB/NodeBB/issues/8432

    barisusakli created this issue in NodeBB/NodeBB

    open update ALLOW-FROM #8432
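
The reply above notes that ALLOW-FROM is deprecated; current browsers take a framing allow-list from the Content-Security-Policy `frame-ancestors` directive instead. The sketch below is an added example, not NodeBB's code or the fix from the linked issue; `frameHeaders` and its argument are hypothetical names standing in for the `allow-from-uri` setting.

```javascript
// Added example (not NodeBB's code): derive framing headers from an
// "allow-from-uri"-style setting without the obsolete ALLOW-FROM directive.
// frameHeaders() and its parameter are hypothetical names.
function frameHeaders(allowFromUri) {
  // Default: same-origin framing only, stated in both headers.
  const headers = {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': "frame-ancestors 'self'",
  };
  if (!allowFromUri) return headers;

  let url;
  try {
    url = new URL(allowFromUri);
  } catch (e) {
    return headers; // unparsable setting: fail closed to same-origin
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return headers;

  // frame-ancestors matches origins (scheme://host[:port]). url.origin drops
  // path and query and contains no spaces or ';', so a crafted setting
  // cannot append further directives to the policy.
  headers['Content-Security-Policy'] = `frame-ancestors 'self' ${url.origin}`;

  // X-Frame-Options cannot name another origin. Browsers that enforce
  // frame-ancestors ignore X-Frame-Options when both are sent, so SAMEORIGIN
  // stays as a fail-closed fallback for clients without CSP support.
  return headers;
}

// Constructed sample: the framing site from the error message in this thread.
console.log(frameHeaders('https://domain.com/'));
```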

