133
rated 0 times
[
136]
[
3]
/ answers: 1 / hits: 50325
/ 10 Years ago, tue, march 4, 2014, 12:00:00
Update: This works for IE but Chrome is still throwing this error.
I am attempting to i-frame a site I own by another site I own. Here is error message I am getting in the JS console on Chrome:
Multiple 'X-Frame-Options' headers with conflicting values ('AllowAll, SAMEORIGIN, AllowAll') encountered when loading 'http://subdomain.mysite.com:8080/Dir/'. Falling back to 'DENY'.
Refused to display 'http://subdomain.mysite.com:8080/Dir/' in a frame because it set 'X-Frame-Options' to 'AllowAll, SAMEORIGIN, AllowAll'.
I did a search for SAMEORIGIN everywhere I am not setting this ANYWHERE.
The main site is www.mysite.com and the other site is subdomain.mysite.com. Obviously same-origin policies keep me from doing this.
So i have set the X-Frame-Options header on my subdomain.mysite.com to AllowAll. On the begin-request method i have added this:
HttpContext.Current.Response.Headers.Remove(X-Frame-Options);
HttpContext.Current.Response.AddHeader(X-Frame-Options, AllowAll);
HttpContext.Current.Response.AddHeader(Access-Control-Allow-Origin, *);
on the page level I have added this:
<meta name=x-frame-options content=allowall />
In Javascript i have added this:
<script type=text/javascript>
document.domain = mysite.com;
</script>
I am running out of things to try... Thank you in advance for your assistance.
More From » google-chrome
