Hi, I try to configure _headers with:
/*
Content-Security-Policy: frame-ancestors *
But its still not working and show the error in console:
«Refused to frame ‘https://goodpromo.site/’ because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none’”.»
Can you help me to allow use iframe my site on any other sites with iframe?
If you do not own the https://goodpromo.site website then it will be prohibited from being displayed within an iFrame due the Content Security Policy being set from who owns the https://goodpromo.site websever.
However if you own the https://goodpromo.site you can set the response header using the code snippet below.
Note: The below code snippet is for setting the response headers if https://goodpromo.site is hosted using Netlify Functions.
If you are using a different web server then you will have to research on “How to set frame-ancestors in YOUR FRAMEWORK HERE”.
Hi @33077a, looks like your site is not served using Netlify functions. No need to click on any buttons.
Your iFrame should work by default if https://goodpromo.site/ is deployed using regular Netlify deployment methods.
The code below should display https://goodpromo.site/ in the iFrame. I tried it in my test environment and it works.
If the above does not help, how are you trying to set the iFrame and which framework are you using. Sharing a code snippet of how you are setting the iFrame will also be helpful for debugging.
Wow, that’s right, it’s working now and the X-Frame-Options protection is removed. Maybe Netlify needed a little more time for the changes to work, I don’t know. Thank you for seeing it, everything is working now! Thank you very much
Hi @33077a thanks for confirming Clarence’s solution helped resolved your problem! I’m happy to hear that. Please let us know if you have any other issues.