X-Frame-Options Allow From value to load site into web page widget?

  • 2
  • Question
  • Updated 2 years ago
  • Answered
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

Hello, we're trying to use a web page widget to embed info from one of our websites. Our sites return an X-Frame-Options header set to SAMEORIGIN by default, to prevent clickjacking. Can you please let us know what the ALLOW-FROM value should be for X-Frame-Options for us to be able to display content from our sites on the platform? Thanks.
Photo of Vincent Massaro

Vincent Massaro

  • 90 Points 75 badge 2x thumb

Posted 2 years ago

  • 2
Photo of Stuart Lees

Stuart Lees, Employee

  • 586 Points 500 badge 2x thumb
Hi Vincent,

You can try using the following value for ALLOW-FROM:

http://s3.amazonaws.com/widget-web-page/ 

One thing to note. The ALLOW-FROM does not allow for specifying multiple domains and does not permit the use of wildcards. The value I'm providing you will work for previewing or running your content on a display. However, when viewing your settings for the web page widget, you will likely still see a warning that your website is not allowed to be viewed within an iframe. You can safely ignore this. 

Let us know if you're still experiencing a problem with that ALLOW-FROM value. 

Thanks
Photo of Vincent Massaro

Vincent Massaro

  • 90 Points 75 badge 2x thumb
Thanks for that info, it is working now when using that value for X-Frame-Options.