X-Frame-Options sameorigin
HekMe opened this issue · comments
Ahoy.
Any ideas how to bypass X-Frame-Options sameorigin,
other than disabling it on destination server?
Thanks
Hi @hektor157,
you need to disable it on destination server... I think that this is the only way....
As I thought.
Thanks for answer.
You could also replace the header completely with the more flexible CSP header frame-ancestors
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors