PROBLEM: When trying to view the website in Cloud IDE or in Campaign Studio preview, it fails with the error:
'This website blocks iframe previews with the x-frame-options: SAMEORIGIN header.'
SOLUTION: We need a way to allow DF sites to be opened in an iframe on specific domains.
BACKGROUND:
It appears that Drupal provides this as a default (which is good in general), but it seems that X-Frame-Options is deprecated in favor of using Content-Security-Policy.
There is a core issue/patch that can help, but I think we may want a more reliable solution until core figures it out. This site describes how to make a simple module to remove the x-frame-options header and insert a content-security-policy header. Ideally, this is configurable through the admin UI, or something in settings.php. https://digitalist.global/talks/remove-x-frame-options-and-set-content-security-policy/
There is also a CSP module that might be extended (or may offer this option).
https://medium.com/myplanet-musings/drupal-8-content-security-policy-header-65d408c355a9
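
Added example, not part of the original issue or of the linked articles: a sketch of the kind of module the issue asks for, written as a Drupal 9+ response subscriber that swaps `X-Frame-Options` for a `Content-Security-Policy: frame-ancestors` allowlist read from settings.php. The module name `df_frame_ancestors`, the settings key of the same name, the sample origin, and the assumption that core adds its header at the default priority are all assumptions of this example.

```php
<?php

namespace Drupal\df_frame_ancestors\EventSubscriber;

use Drupal\Core\Site\Settings;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

/**
 * Replaces core's X-Frame-Options header with a CSP frame-ancestors allowlist.
 *
 * Register in df_frame_ancestors.services.yml with the "event_subscriber" tag.
 * In settings.php (hypothetical key, constructed sample origin):
 *   $settings['df_frame_ancestors'] = ['https://preview.example.com'];
 */
class FrameAncestorsSubscriber implements EventSubscriberInterface {

  public static function getSubscribedEvents() {
    // Negative priority so this runs after the core subscriber that adds
    // X-Frame-Options: SAMEORIGIN (assumed to sit at the default priority).
    return [KernelEvents::RESPONSE => ['onResponse', -10]];
  }

  public function onResponse(ResponseEvent $event) {
    // Keep only exact https origins; drop wildcards, paths and malformed
    // values (\z also rejects a trailing newline in the configured string).
    $origins = array_filter(
      (array) Settings::get('df_frame_ancestors', []),
      static function ($origin) {
        return is_string($origin)
          && preg_match('#^https://[a-z0-9.-]+(:\d{1,5})?\z#i', $origin) === 1;
      }
    );
    if (!$origins) {
      // Nothing allowlisted: leave core's SAMEORIGIN protection in place.
      return;
    }
    $headers = $event->getResponse()->headers;
    // X-Frame-Options cannot express a list of origins, so it is removed.
    $headers->remove('X-Frame-Options');
    // Added as a separate policy (replace = FALSE). Browsers enforce every
    // CSP header, so a stricter frame-ancestors set elsewhere still applies.
    $headers->set(
      'Content-Security-Policy',
      "frame-ancestors 'self' " . implode(' ', $origins),
      FALSE
    );
  }

}
```

With an empty or invalid allowlist the subscriber does nothing, so a misconfiguration fails closed to core's default rather than opening the site to framing from any origin.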