Thursday, 1 November 2018

IIS Web-server X-FRAME-OPTIONS to allow internal web sites (White listed websites)

I need to make the below setup in my website. All our websites are hosted on the IIS web server, and all the websites are interconnected. We use IFRAMEs to load the contents of the other websites, for multiple reasons. But recently we applied X-FRAME-OPTIONS: SAMEORIGIN, which is blocking the websites from loading inside the IFRAME. Hence, is it possible to control the header value? Basically, we need to disable the header value for the internal websites.

Ex: I am hosting two websites on the IIS web server, www.a.com and www.b.com, and I load the contents of www.b.com inside www.a.com using the IFRAME feature. Recently we enabled X-FRAME-OPTIONS: SAMEORIGIN on www.b.com, which in turn blocks the contents from loading inside www.a.com. Hence we need to disable X-FRAME-OPTIONS only if the request is from www.a.com.

I tried using X-FRAME-OPTIONS: ALLOW-FROM URI, but a few browsers do not support this. Hence, could you please help me resolve this issue? Please let me know if there are any alternatives.

Logically it is possible by checking the request header and enabling X-FRAME-OPTIONS for those internal websites (whitelisting). I am stuck on this; please help.
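
An added example, not part of the original post: one way to allowlist the framing site without ALLOW-FROM is the Content-Security-Policy `frame-ancestors` directive, sent from www.b.com alongside the existing header. It assumes this `web.config` belongs to the www.b.com site and that www.a.com is served over https.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- web.config for the framed site (www.b.com in the question). -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Drop any inherited copy so the header is sent exactly once. -->
        <remove name="X-Frame-Options" />

        <!-- Kept for browsers that do not implement frame-ancestors:
             they still refuse every cross-site frame, www.a.com included. -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />

        <!-- Allowlist of permitted parent pages: this site itself plus
             the one internal site that embeds it. Browsers that implement
             frame-ancestors ignore X-Frame-Options when both are present,
             so www.a.com can frame this site and other origins cannot.
             The https scheme is an assumption; list every scheme and host
             that really serves the embedding pages. -->
        <add name="Content-Security-Policy"
             value="frame-ancestors 'self' https://www.a.com" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

If www.b.com already sends a Content-Security-Policy header, add `frame-ancestors` to that policy instead of emitting a second header, because multiple policies are enforced together and the stricter result wins.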



