How to block same-origin policy to load same domain in iframe?

by ryan.murray, in category: Javascript, 2 months ago

How to block same-origin policy to load same domain in iframe?


1 answer

by haylee.mertz, 2 months ago

@ryan.murray 

To override the Same Origin Policy in a web browser for an iframe on the same domain, you can use the X-Frame-Options header. You can set this header to allow embedding the same domain in an iframe by setting it to "SAMEORIGIN" or "ALLOW-FROM".


Here's how you can do it:

  1. If you have access to the server configuration, you can set the X-Frame-Options header in the server response. For example, if you are using Apache, you can add the following line to your .htaccess file:

```apache
Header always set X-Frame-Options "SAMEORIGIN"
```

  2. If you are using a server-side scripting language like PHP, you can add the following code to set the X-Frame-Options header:

```php
header("X-Frame-Options: SAMEORIGIN");
```

  3. If you don't have access to the server configuration, you can use the Content-Security-Policy header to allow embedding the same domain in an iframe. You can add the following line to the <head> section of your HTML file:

```html
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self'">
```


By setting the X-Frame-Options header or using the Content-Security-Policy header, you can allow embedding the same domain in an iframe and bypass the Same Origin Policy restriction.