Django iframe is empty in Firefox but works fine in Chrome


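I have a Django application that I am trying to embed on a page on another domain. Let's say my Django application is at https://myapp.io and the page I am trying to embed it in is at example.com.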

Here is what my iframe looks like:

<iframe src="https://myapp.io" style="border: medium none; min-height: 350px; overflow: hidden;" id="myIframe" scrolling="no"></iframe>
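
This request works in Chrome, and the content of the iframe displays correctly. However, in Firefox the iframe is empty.

Chrome shows this console error on page load:

Invalid 'X-Frame-Options' header encountered when loading '': 'ALLOW-FROM MYAPP.IO' is not a recognized directive. The header will be ignored.

In Firefox, I can use https://w3schools.com, and the content of w3schools.com is displayed in the iframe.

However, the Network tab of the Firefox developer tools shows that the browser has received the content of the iframe. For some reason, it never makes it into the iframe.

How can I fix this and allow Firefox to display my iframe?

Edit

To rule out JavaScript or any other funny business, I have set the iframe to load a page with the following content, and Firefox's behavior did not change.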

<html>
  <body>hi</body>
</html>

nginx configuration, docker-compose.yml and Django configuration: see the listings at the end of the page.

I solved this by adding the protocol to the ALLOW-FROM header.

Instead of

proxy_set_header X-Frame-Options 'ALLOW-FROM myapp.io';

it should be

proxy_set_header X-Frame-Options 'ALLOW-FROM https://myapp.io';

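Setting min-height does not help with the iframe, because iframe content does not expand the iframe's size; you need to set a fixed height.

I didn't mention that I am using a library to resize the iframe properly. I only set the min-height to make the transition from the fixed height to the iframesized height smoother.

Note that X-Frame-Options is now deprecated. Use the frame-ancestors directive of the Content-Security-Policy HTTP header instead.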

nginx configuration:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
  worker_connections  1024;
}

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  sendfile        on;
  #tcp_nopush     on;

  keepalive_timeout  65;

  #gzip  on;

  upstream app {
    server django:5000;
  }

  server {
    listen 80;
    charset     utf-8;

    location / {
      # checks for static file, if not found proxy to app
      root /usr/share/nginx;
      try_files $uri @proxy_to_app;
    }

    # cookiecutter-django app
    location @proxy_to_app {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Frame-Options 'ALLOW-FROM myapp.io';
      proxy_redirect off;
      proxy_pass   http://app;
    }
  }
}

docker-compose.yml:

version: '2'

volumes:
  postgres_data: {}
  postgres_backup: {}
  static: {}

services:
  postgres:
    build: ./compose/postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - postgres_backup:/backups
    env_file: .env

  django:
    build:
      context: .
      dockerfile: ./compose/django/Dockerfile
    user: django
    depends_on:
      - postgres
      - redis
    command: /gunicorn.sh
    volumes:
      - static:/app/powerschool_apps/static/public
    env_file: .env

  nginx:
    build: ./compose/nginx
    depends_on:
      - django
    volumes:
      - static:/usr/share/nginx/static

    ports:
      - "0.0.0.0:80:80"


  redis:
    image: redis:latest

Django configuration:

# SECRET CONFIGURATION
# ------------------------------------------------------------------------------
# See: https://docs.djangoproject.com/en/dev/ref/settings/#secret-key
# Raises ImproperlyConfigured exception if DJANGO_SECRET_KEY not in os.environ
SECRET_KEY = env('DJANGO_SECRET_KEY')

# This ensures that Django will be able to detect a secure connection
# properly on Heroku.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# SECURITY CONFIGURATION
# ------------------------------------------------------------------------------
# See https://docs.djangoproject.com/en/1.9/ref/middleware/#module-django.middleware.security
# and https://docs.djangoproject.com/ja/1.9/howto/deployment/checklist/#run-manage-py-check-deploy
SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
    'DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS', default=True)
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
    'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'ALLOW-FROM myapp.io'
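
The last comment above points to the frame-ancestors directive of Content-Security-Policy as the replacement for X-Frame-Options. The following is an added example, not code from the thread: a WSGI wrapper (the kind of object gunicorn serves) that drops ALLOW-FROM, carries DENY and SAMEORIGIN over as their CSP equivalents, and rejects origins that lack a scheme. The names FramingPolicy, frame_ancestors and demo_app, and the https:// scheme for the example.com embedding page, are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def frame_ancestors(origins):
    """Build a frame-ancestors directive from explicit scheme://host[:port] origins."""
    if not origins:
        return "frame-ancestors 'none'"
    for origin in origins:
        p = urlsplit(origin)
        if p.scheme not in ("http", "https") or not p.netloc or p.path or p.query or p.fragment:
            raise ValueError(f"expected scheme://host[:port], got {origin!r}")
    return "frame-ancestors " + " ".join(origins)

# Legacy X-Frame-Options values that have an exact frame-ancestors equivalent.
STRICT = {"deny": "frame-ancestors 'none'", "sameorigin": "frame-ancestors 'self'"}

class FramingPolicy:
    """WSGI wrapper: replace X-Frame-Options with a Content-Security-Policy header."""

    def __init__(self, app, allowed_origins):
        self.app = app
        self.directive = frame_ancestors(allowed_origins)  # bad origins fail at startup

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            directive, kept = self.directive, []
            for name, value in headers:
                if name.lower() != "x-frame-options":
                    kept.append((name, value))
                elif value.strip().lower() in STRICT:
                    # A view that asked for DENY/SAMEORIGIN keeps that stricter policy.
                    directive = STRICT[value.strip().lower()]
                # ALLOW-FROM values are dropped: Chrome ignores them (console error above).
            # A separate CSP header is enforced alongside any existing one, so this
            # can only tighten, never loosen, a policy the app already sends.
            kept.append(("Content-Security-Policy", directive))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched_start)

def demo_app(environ, start_response):
    """Constructed stand-in for the Django app, sending the header from the question."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("X-Frame-Options", "ALLOW-FROM myapp.io")])
    return [b"<html><body>hi</body></html>"]

# Assumption: the embedding page is served from https://example.com.
application = FramingPolicy(demo_app, ["https://example.com"])
```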