In the DevTool of your web browser you have this kind of message because you’ve been to the url https://mydomain.com (or a completely different domain like https://anotherdomain.com) that contains an HTML page which includes an iframe of https://othersite.mydomain.com
This message means that the URL https://othersite.mydomain.com returned a X-Frame-Options header set to ‘DENY’, that simply means that the webserver that hosts https://othersite.mydomain.com refuses that you include it in another website (with same domain or not).
If you can manage configuration of the webserver where is hosted https://othersite.mydomain.com just add these two headers. For instance in apache webserver, include these two headers in the virtualHost of othersite.mydomain.com:
Header set X-Frame-Options: "ALLOW-FROM https://mydomain.com/" Header set Content-Security-Policy "frame-ancestors 'self' https://mydomain.com;"
The first line is for compatibility with old web browsers because as explained here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
“Note: The Content-Security-Policy HTTP header has a frame-ancestors directive which obsoletes this header for supporting browsers.”
Leave a Reply