SAMEORIGIN and multiple ALLOWFROM X-Frame-Options

Hi,

I have been using the following successfully in HTTPD config for some time:

Header always set X-Frame-Options SAMEORIGIN

The SAMEORIGIN is required for our use but now I am getting a request to allow X-Frame-Options to include specific URLs, say:

https://example1.com
https://example2.com

In researching a bit, I found this suggesting this format:

Header always set X-Frame-Options SAMEORIGIN
Header always append X-Frame-Options "ALLOW-FROM https://example1.com/"
Header always append X-Frame-Options "ALLOW-FROM https://example2.com/"

However, when I tested it the response is:

example.com refused to connect

Is this the proper way to set up this need (SAMEORIGIN and multiple URL allows)?  Are there any concerns with this type of configuration?

Any guidance is appreciated.

TIA,

HB
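
An added example, not part of the original post and not code from the httpd project: the posted directives next to a Content-Security-Policy `frame-ancestors` policy, the standard header for allowing same-origin framing plus a list of named origins. It assumes mod_headers is loaded and uses the placeholder origins from the question.

```apache
# Added example; requires mod_headers.

# --- Configuration from the post (kept for comparison, disabled) ---
# "append" merges each value onto the existing header with a comma, so the
# client receives a single header carrying three directives:
#   X-Frame-Options: SAMEORIGIN, ALLOW-FROM https://example1.com/, ALLOW-FROM https://example2.com/
# X-Frame-Options (RFC 7034) is defined to carry exactly one directive, and
# ALLOW-FROM takes a single origin. Current browsers do not implement
# ALLOW-FROM at all.
#Header always set X-Frame-Options SAMEORIGIN
#Header always append X-Frame-Options "ALLOW-FROM https://example1.com/"
#Header always append X-Frame-Options "ALLOW-FROM https://example2.com/"

# --- Alternative using CSP frame-ancestors ---
# Keep one valid X-Frame-Options value for older clients that do not
# understand frame-ancestors. Browsers that implement frame-ancestors apply
# it in place of X-Frame-Options when both headers are present.
Header always set X-Frame-Options SAMEORIGIN

# 'self' corresponds to SAMEORIGIN; each further entry is one permitted
# parent origin, separated by spaces. Unlike SAMEORIGIN as historically
# implemented, frame-ancestors is checked against every ancestor frame,
# not only the top-level page.
Header always set Content-Security-Policy "frame-ancestors 'self' https://example1.com https://example2.com"

# If the application already sends its own Content-Security-Policy, add the
# frame-ancestors directive to that policy instead. When several policies
# reach the browser, all of them are enforced, so a second header can only
# restrict further.
```

After reloading, confirm that each response carries exactly one X-Frame-Options value and the expected policy; browsers log a `frame-ancestors` violation to the console when a parent page is not in the list.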
