Firebase託管iframe錯誤與X框架選項

Question

我需要使用iframe幾個頁面託管與firebase，但它給我的X框架選項錯誤，其中一個iframe是爲圖庫託管在picasa上，和anohter ifrmae的聯繫表格

這裏（因爲我不可能通過火力:(發送的電子郵件）是錯誤

Refused to display 'https://get.google.com/albumarchive/pwa/11111/album/1111?source=pwa#slideshow/1111' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 
jquery.min.js:2 Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://demodomain.com" from accessing a cross-origin frame. 

我這樣做與firebase.json但沒有工作

"headers": [ 
    { 
     "source": "**/*", 
     "headers": [ 
     {"key": "X-Content-Type-Options", "value": "nosniff"}, 
     {"key": "X-Frame-Options", "value": "ALLOW"}, 
     {"key": "X-UA-Compatible", "value": "ie=edge"}, 
     {"key": "X-XSS-Protection", "value": "1; mode=block"} 
     ] 
    } 
] 

Answer 1

你有正確的想法你只是設置了錯誤的價值。對於X-Frame-Options標頭，ALLOW不是可接受的值。您可以設置ALLOW-FROM值，然後指定您希望允許嵌入的URI。請參閱下面的更多文檔。

FIX：

"headers": [{ 
    "source": "**/*", 
    "headers": [ 
    {"key": "X-Content-Type-Options", "value": "nosniff"}, 
    {"key": "X-Frame-Options", "value": "ALLOW-FROM https://get.google.com"}, 
    {"key": "X-UA-Compatible", "value": "ie=edge"}, 
    {"key": "X-XSS-Protection", "value": "1; mode=block"} 
    ] 
}] 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options