Home > Blockchain >  Make 1 exception on X-Frame-Options SAMEORIGIN
Make 1 exception on X-Frame-Options SAMEORIGIN

Time:12-22

I use Header set X-Frame-Options SAMEORIGIN in .htaccess

But i would like to have 1 html page that isn't blocked when shown in iframe on other websites.....

How can i make 1 exception?

CodePudding user response:

The Header directive provides an additional argument that allows you to set the header conditionally based on whether an environment variable is set or not.

You could then set an env var when this one URL is requested. And only allow the header to be set when the env var is not set.

For example:

SetEnvIf Request_URI "^/one-page-not-blocked\.html$" DO_NOT_BLOCK

Header set X-Frame-Options SAMEORIGIN env=!DO_NOT_BLOCK

The above SetEnvIf directive sets the env var DO_NOT_BLOCK to the value 1 when the regex matches the requested URL.

The env=!DO_NOT_BLOCK argument is successful when the env var is not set (denoted by the ! prefix).

This method allows you to add additional URLs to not block by simply adding more SetEnvIf directives.

  • Related