Firebase Hosting iframe and X-Frame-Options error

Riz*_*hya 4 routes cors firebase firebase-hosting

I need to use a couple of iframes on a page hosted on Firebase, but it gives me an X-Frame-Options error. One iframe is for a gallery hosted on Picasa and the other is for a contact form (because I can't send e-mail through Firebase) :(

This is the error:

Refused to display 'https://get.google.com/albumarchive/pwa/11111/album/1111?source=pwa#slideshow/1111' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
jquery.min.js:2 Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://demodomain.com" from accessing a cross-origin frame. 

I tried this in firebase.json, but it didn't work:

 "headers": [
     {
       "source": "**/*",
       "headers": [
         {"key": "X-Content-Type-Options", "value": "nosniff"},
         {"key": "X-Frame-Options", "value": "ALLOW"},
         {"key": "X-UA-Compatible", "value": "ie=edge"},
         {"key": "X-XSS-Protection", "value": "1; mode=block"}
       ]
     }
]

小智 7

Your idea is right; you just set the wrong value. ALLOW is not an accepted value for the X-Frame-Options header. You can set the ALLOW-FROM value and then specify which URI you want to allow to embed the page. See the documentation linked below for more.

Fix:

 "headers": [{
   "source": "**/*",
   "headers": [
     {"key": "X-Content-Type-Options", "value": "nosniff"},
     {"key": "X-Frame-Options", "value": "ALLOW-FROM https://get.google.com"},
     {"key": "X-UA-Compatible", "value": "ie=edge"},
     {"key": "X-XSS-Protection", "value": "1; mode=block"}
   ]
 }]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
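As an added illustration (not part of the question or answer above), the linter below walks a firebase.json `headers` block and validates every X-Frame-Options value against the grammar on the MDN page the answer links: DENY, SAMEORIGIN, or ALLOW-FROM followed by an absolute URI. It flags the bare ALLOW from the question as invalid. The two config fragments embedded in the script are constructed copies of the ones on this page; note that a browser reads X-Frame-Options from the response of the document being framed, so a rule in firebase.json only governs how pages served by Firebase Hosting may be embedded, not what Firebase-hosted pages may embed.

```python
import re
from urllib.parse import urlsplit

# Constructed copies of the two firebase.json fragments on this page.
QUESTION_CONFIG = {"headers": [{"source": "**/*", "headers": [
    {"key": "X-Content-Type-Options", "value": "nosniff"},
    {"key": "X-Frame-Options", "value": "ALLOW"},
]}]}
ANSWER_CONFIG = {"headers": [{"source": "**/*", "headers": [
    {"key": "X-Frame-Options", "value": "ALLOW-FROM https://get.google.com"},
]}]}


def validate_xfo(value):
    """Return (ok, note) for one X-Frame-Options value, per the MDN grammar."""
    v = value.strip()
    if v.upper() in ("DENY", "SAMEORIGIN"):
        return True, v.upper()
    m = re.fullmatch(r"(?i)ALLOW-FROM\s+(\S+)", v)
    if m:
        parts = urlsplit(m.group(1))
        if parts.scheme in ("http", "https") and parts.netloc:
            # Syntactically valid, but ALLOW-FROM is marked obsolete on MDN and
            # current browsers ignore it; CSP frame-ancestors is the replacement.
            return True, "ALLOW-FROM (obsolete; prefer CSP frame-ancestors)"
        return False, "ALLOW-FROM requires an absolute http(s) URI"
    return False, f"{value!r} is not a valid X-Frame-Options value"


def lint_hosting_headers(config):
    """Report every X-Frame-Options rule as (source, value, ok, note).

    Accepts either a bare {"headers": [...]} fragment (as pasted on this page)
    or a full firebase.json with the array under "hosting".
    """
    rules = config.get("hosting", config).get("headers", [])
    findings = []
    for rule in rules:
        for h in rule.get("headers", []):
            if h.get("key", "").lower() == "x-frame-options":
                ok, note = validate_xfo(h.get("value", ""))
                findings.append((rule.get("source"), h.get("value"), ok, note))
    return findings


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        for source, value, ok, note in lint_hosting_headers(cfg):
            print(f"{name}: {source}: {value!r} -> {'OK' if ok else 'INVALID'}: {note}")
```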