Home
Support Forums

Change the HEADER X-Frame-Options to one of my environments

I am trying to display the front-end of my site http://qa.uno.com.au/ inside of an IFrame in my CMS (Sanity) and I am getting “Refused to display ‘Get a new home loan or refinance and earn 100,000 bonus Velocity Points | uno’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.”

is this something that I can manage via netlify.toml file?

site name: mystifying-stonebraker-9e3541

Thanks.

As per MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options, the allow value won’t work for modern browsers, except for same origin.

hey @carlos.claro did you figure this out? I am trying to do exactly the same thing.

@carlos.claro i got this working for my preview in sanity

Content-Security-Policy: frame-ancestors 'self' https://SANITYSITEID.sanity.studio,

Hi @isaac-martin had parked this for a bit but your solution looks promising, let me give a go!
Thanks.

Hey @isaac-martin was your change added to the .toml file? Thanks.

Mine was added to the headers field in gatsby-plugin-netlify however it outputs on build to my _headers file. Believe adding to toml does it the same.

can you elaborate how you put it into gatsby via the plugin?

   {
  resolve: "gatsby-plugin-netlify",
  options: {
  headers: {
      "/*": [
        "X-XSS-Protection: 1; mode=block",
        "X-Content-Type-Options: nosniff",
        "Referrer-Policy: same-origin",
        `Content-Security-Policy: frame-ancestors 'self' https://brex.sanity.studio`,
      ],
    },
  },
},
1 Like

Just put it above for you - let me know if that is enough.