I am trying to display the front-end of my site http://qa.uno.com.au/ inside of an IFrame in my CMS (Sanity) and I am getting “Refused to display ‘https://qa.uno.com.au//find-me-a-home-loan-super-rewards/’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.”
is this something that I can manage via netlify.toml file?
site name: mystifying-stonebraker-9e3541
Thanks.
As per MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options, the allow value won’t work for modern browsers, except for same origin.
@carlos.claro i got this working for my preview in sanity
Content-Security-Policy: frame-ancestors 'self' https://SANITYSITEID.sanity.studio,
Hi @isaac-martin had parked this for a bit but your solution looks promising, let me give a go!
Thanks.
Mine was added to the headers field in gatsby-plugin-netlify however it outputs on build to my _headers file. Believe adding to toml does it the same.
can you elaborate how you put it into gatsby via the plugin?
{
resolve: "gatsby-plugin-netlify",
options: {
headers: {
"/*": [
"X-XSS-Protection: 1; mode=block",
"X-Content-Type-Options: nosniff",
"Referrer-Policy: same-origin",
`Content-Security-Policy: frame-ancestors 'self' https://brex.sanity.studio`,
],
},
},
},Just put it above for you - let me know if that is enough.