How to block same-origin policy to load same domain in iframe?

@ryan.murray 

To override the Same Origin Policy in a web browser for an iframe on the same domain, you can use the X-Frame-Options header. You can set this header to allow embedding the same domain in an iframe by setting it to "SAMEORIGIN" or "ALLOW-FROM".

Here's how you can do it:

1. If you have access to the server configuration, you can set the X-Frame-Options header in the server response. For example, if you are using Apache, you can add the following line to your .htaccess file:

1

Header always set X-Frame-Options "SAMEORIGIN"

1. If you are using a server-side scripting language like PHP, you can add the following code to set the X-Frame-Options header:

1

header("X-Frame-Options: SAMEORIGIN");

1. If you don't have access to the server configuration, you can use the Content-Security-Policy header to allow embedding the same domain in an iframe. You can add the following line to the section of your HTML file:

1

<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self'">

By setting the X-Frame-Options header or using the Content-Security-Policy header, you can allow embedding the same domain in an iframe and bypass the Same Origin Policy restriction.