13

I want to know whether it's possible to support X-Frame-Options for a different subdomain of the same domain.

Politank-Z
user1268130
  • I have answered with other people to a question like yours at [stackoverflow here](http://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options) – Arthur Tsidkilov Aug 11 '15 at 14:07

1 Answer

1

There is an ALLOW-FROM uri for X-Frame-Options (honestly I haven't found a good example with multiple URIs). Unfortunately it is not supported by that many browsers according to OWASP (although the article seems a bit outdated). It is recommended that you use CSP (Content Security Policy).

pjanssen
  • How to use CSP? Could you provide any example? – user1268130 Jun 18 '15 at 03:11
  • I really don't have a real world example for you. But the link I provide should give you enough information and examples to get you up to speed. Also you can search StackOverflow for common questions. – pjanssen Jun 18 '15 at 07:31
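
The CSP approach recommended in the answer, as an added example that is not part of the original thread: a `frame-ancestors` policy that lets sibling subdomains frame a page, a WSGI wrapper that sends it, and a simplified model of how a browser matches the policy against the framing page. `example.com` is a placeholder domain, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed policy: example.com stands in for your own domain.
SOURCES = ["'self'", "https://*.example.com"]
DEFAULT_PORTS = {"http": 80, "https": 443}


def csp_header(sources=SOURCES):
    """Header that takes over the job of X-Frame-Options ALLOW-FROM."""
    return ("Content-Security-Policy", "frame-ancestors " + " ".join(sources))


def _origin(url):
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)


def source_matches(source, ancestor, self_origin):
    """Simplified model of how a browser matches one source expression."""
    a_scheme, a_host, a_port = _origin(ancestor)
    if source == "'self'":
        return _origin(ancestor) == _origin(self_origin)
    s_scheme, s_host, s_port = _origin(source)
    if (s_scheme, s_port) != (a_scheme, a_port):
        return False
    if s_host.startswith("*."):
        # The wildcard covers subdomains only, not the bare domain.
        return a_host.endswith(s_host[1:])
    return a_host == s_host


def frame_allowed(ancestor, self_origin, sources=SOURCES):
    """True if a page at `ancestor` may frame a page served from `self_origin`."""
    return any(source_matches(s, ancestor, self_origin) for s in sources)


def add_frame_policy(app):
    """WSGI middleware that appends the header to every response."""
    def wrapped(environ, start_response):
        def with_csp(status, headers, exc_info=None):
            return start_response(status, list(headers) + [csp_header()], exc_info)
        return app(environ, with_csp)
    return wrapped
```

To let the bare domain frame the page as well, list `https://example.com` as a separate source next to the wildcard.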