I use
Header set X-Frame-Options SAMEORIGIN
in .htaccess
But i would like to have 1 html page that isn't blocked when shown in iframe on other websites.....
How can i make 1 exception?
CodePudding user response:
The Header
directive provides an additional argument that allows you to set the header conditionally based on whether an environment variable is set or not.
You could then set an env var when this one URL is requested. And only allow the header to be set when the env var is not set.
For example:
SetEnvIf Request_URI "^/one-page-not-blocked\.html$" DO_NOT_BLOCK
Header set X-Frame-Options SAMEORIGIN env=!DO_NOT_BLOCK
The above SetEnvIf
directive sets the env var DO_NOT_BLOCK
to the value 1
when the regex matches the requested URL.
The env=!DO_NOT_BLOCK
argument is successful when the env var is not set (denoted by the !
prefix).
This method allows you to add additional URLs to not block by simply adding more SetEnvIf
directives.