Using .htaccess to turn off "Header Always append X-Frame-Options SAMEORIGIN" (Apache Users)

Using .htaccess to turn off "Header Always append X-Frame-Options SAMEORIGIN"

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>

Subject: Using .htaccess to turn off "Header Always append X-Frame-Options SAMEORIGIN"

From: Darryl Philip Baker <darryl.baker@xxxxxxxxxxxxxxxx>

Date: Wed, 28 Jul 2021 18:58:12 +0000

Accept-language: en-US

Reply-to: users@xxxxxxxxxxxxxxxx

Thread-index: AQHXg+KDHZhGBa1Y0kKHaUyV6v88FA==

Thread-topic: Using .htaccess to turn off "Header Always append X-Frame-Options SAMEORIGIN"

User-agent: Microsoft-MacOutlook/16.51.21071101

I have a request for a user where they want an iframe from elsewhere. I have “Header always append X-Frame-Options SAMEORIGIN” set globally. I have tried “Header unset Always unset X-Frame-Options” in the .htaccess file but I get a 500 error. I’ve tried various other ideas of values in .htaccess from the web but they all return a 500 error. I am looking for other ideas. I’d share my config files but they are ridiculous big and convoluted.

Darryl Baker, GSEC (he/him/his)

Sr. System Administrator

Distributed Application Platform Services

Northwestern University

1800 Sherman Ave.

Suite 6-600 – Box #39

Evanston, IL 60201-3715

darryl.baker@xxxxxxxxxxxxxxxx

(847) 467-6674