2016-11-07 37 views
0

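Firebase hosting iframe error with X-Frame-Options

I need to use iframes on a few pages hosted with Firebase, but it gives me an X-Frame-Options error. One of the iframes is for a gallery hosted on Picasa, and another iframe is for a contact form.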

Here is the error (because I can't send emails through Firebase :( )

Refused to display 'https://get.google.com/albumarchive/pwa/11111/album/1111?source=pwa#slideshow/1111' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 
jquery.min.js:2 Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://demodomain.com" from accessing a cross-origin frame. 

I did this with firebase.json, but it didn't work

"headers": [ 
    { 
     "source": "**/*", 
     "headers": [ 
     {"key": "X-Content-Type-Options", "value": "nosniff"}, 
     {"key": "X-Frame-Options", "value": "ALLOW"}, 
     {"key": "X-UA-Compatible", "value": "ie=edge"}, 
     {"key": "X-XSS-Protection", "value": "1; mode=block"} 
     ] 
    } 
] 
+0

Did you find any solution for this? – Goyllo

Answers

0

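You have the right idea, you just set the wrong value. For the X-Frame-Options header, ALLOW is not an acceptable value. You can set the ALLOW-FROM value and then specify the URI you want to allow to embed. See the documentation below for more.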

FIX:

"headers": [{ 
    "source": "**/*", 
    "headers": [ 
    {"key": "X-Content-Type-Options", "value": "nosniff"}, 
    {"key": "X-Frame-Options", "value": "ALLOW-FROM https://get.google.com"}, 
    {"key": "X-UA-Compatible", "value": "ie=edge"}, 
    {"key": "X-XSS-Protection", "value": "1; mode=block"} 
    ] 
}] 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
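
An added example (not from the question or the answer): a JavaScript model of the framing check that current browsers apply under the HTML Standard, showing that the decision is read from the headers of the framed response, so headers in firebase.json only govern who may frame the Firebase-hosted site itself. The function name `mayBeFramed`, the sample header sets and `https://other.example` are constructed; only the parent frame is compared and host wildcards in `frame-ancestors` are not modelled.

```javascript
// Added example. Models the framing check of current browsers (HTML Standard);
// compares the parent frame only and does not expand host wildcards.
function mayBeFramed(framedHeaders, framedUrl, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(framedHeaders)) h[k.toLowerCase()] = v;
  const framedOrigin = new URL(framedUrl).origin;
  const sameOrigin = embedderOrigin === framedOrigin;

  // A CSP frame-ancestors directive, when present, replaces X-Frame-Options.
  const fa = (h['content-security-policy'] || '').split(';')
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) {
    const allowed = fa.slice(1).some(src =>
      src === '*' || (src === "'self'" && sameOrigin) || src === embedderOrigin);
    return { allowed, decidedBy: 'frame-ancestors' };
  }

  const values = new Set((h['x-frame-options'] || '').split(',')
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  const by = 'x-frame-options';
  if (values.has('deny')) return { allowed: false, decidedBy: by };
  if (values.size > 1 && (values.has('sameorigin') || values.has('allowall')))
    return { allowed: false, decidedBy: by };
  if (values.has('sameorigin')) return { allowed: sameOrigin, decidedBy: by };
  // ALLOW, ALLOW-FROM <uri> and other unrecognised values are ignored.
  return { allowed: true, decidedBy: values.size ? 'ignored-value' : 'no-policy' };
}

// Constructed scenarios built from the values quoted on this page.
const album = 'https://get.google.com/albumarchive/pwa/11111/album/1111';
const site = 'https://demodomain.com/';
const scenarios = {
  // The album response carries SAMEORIGIN, so demodomain.com cannot frame it.
  albumInSite: mayBeFramed({ 'X-Frame-Options': 'SAMEORIGIN' }, album, 'https://demodomain.com'),
  // The two firebase.json values leave the site frameable by any origin.
  siteWithAllow: mayBeFramed({ 'X-Frame-Options': 'ALLOW' }, site, 'https://other.example'),
  siteWithAllowFrom: mayBeFramed(
    { 'X-Frame-Options': 'ALLOW-FROM https://get.google.com' }, site, 'https://other.example'),
  // frame-ancestors is the header that restricts embedding to listed origins.
  siteWithCsp: mayBeFramed(
    { 'Content-Security-Policy': "frame-ancestors 'self' https://get.google.com" },
    site, 'https://other.example'),
};
console.log(scenarios);
```
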