Php 允许将我的站点嵌入iFrame
我的Nginx服务器将X-Frame头设置为DENY,这到目前为止还不错。但是现在我只需要允许我的站点的一个页面嵌入到我的域之外的iframe中 我尝试在为网页提供服务的控制器中使用php在应用程序级别解决此问题:Php 允许将我的站点嵌入iFrame,php,nginx,Php,Nginx,我的Nginx服务器将X-Frame头设置为DENY,这到目前为止还不错。但是现在我只需要允许我的站点的一个页面嵌入到我的域之外的iframe中 我尝试在为网页提供服务的控制器中使用php在应用程序级别解决此问题: header('X-Frame-Options: ALLOW-FROM 127.0.0.1'); 但当我尝试将页面嵌入到外部iframe时,得到的响应是: X-Frame-Options:ALLOW-FROM 127.0.0.1 X-Frame-Options:DENY 连接选项
header('X-Frame-Options: ALLOW-FROM 127.0.0.1');
X-Frame-Options:ALLOW-FROM 127.0.0.1
X-Frame-Options:DENY
连接选项(一组nginx配置和一组应用程序代码)也是如此吗?那么,如何允许服务器的单个页面嵌入到外部iframe中呢?为什么不编写一个简单的if-else语句呢?如果PHP检测到某个页面(URL),则允许嵌入iFrame,否则不允许嵌入iFrame。对于Django,我们这样解决它
location /the/page/you/want/to/expose/ {
add_header Access-Control-Allow-Origin *;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/appsco/socket;
}
location / {
add_header X-Frame-Options DENY; #This is your catch all.
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/appsco/socket;
}
记住删除整个服务器的add_头。把它放进你的包袱里。对于Django用户,请查看
@frame\u deny\u emptionX-frame-Options:denyadd_header X-Frame-Options "ALLOW-FROM http://test.mysite-b.com";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP$
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 37.235.1.174 37.235.1.177 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
add_header X-Frame-Options "ALLOW-FROM http://test.mysite-b.com";
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Load denied by X-Frame-Options: https://test.mysite-b.com/ does not permit framing by https://mysite-b.com/iframe.html.
nginx服务器
add_headerfalse