Issue
I wanted to know which security headers are related to iframe loading and may cause an iframe not to load.
I used nuxt-helmet to set security headers in my Nuxt project, and when I upload my site to the server locally and use Nginx to reverse proxy it to a domain address, iframes don't get loaded.
I think it's because some headers are set to same-origin, but my project runs on localhost and gets proxied to the domain by Nginx, so same-origin doesn't apply here? Am I right?
Anyway, when I disabled nuxt-helmet, the iframes got loaded.
The site that I'm working on is this: https://app1.tabachain.com/blog
nuxt-helmet is disabled now, but I'd like to know which header causes an iframe not to load.
nuxt-helmet sets these headers, but I am not familiar with all of them:
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
As far as I checked, the problem isn't from the X-Frame-Options header, because I disabled it completely in the nuxt-helmet config and I still have the same issue. You can visit the site now and see the headers there too.
Solution
I found that my issue was caused by this header: Cross-Origin-Embedder-Policy: require-corp
I fixed this issue by disabling it in the nuxt-helmet config:
helmet: {
  // Do not send Cross-Origin-Embedder-Policy: require-corp
  crossOriginEmbedderPolicy: false,
},
The issue wasn't from X-Frame-Options.
Answered By - Mehdi Rafiee Answer Checked By - Marilyn (PHPFixing Volunteer)
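The following is an added example, not code from the original answer or from nuxt-helmet. It models which response headers make a browser refuse to render an iframe: X-Frame-Options is read from the framed page's response, while Cross-Origin-Embedder-Policy on the embedding page places requirements on every child frame. The function name, the `sameSite` flag and the example origins are assumptions, and only one level of nesting is modelled.

```javascript
// First token of a header value, lower-cased:
// "require-corp; report-to=x" -> "require-corp". Header names are lower case.
function token(headers, name) {
  const value = headers[name];
  return value ? value.split(";")[0].trim().toLowerCase() : null;
}

// COEP values that switch on embedder-policy enforcement.
const ISOLATING = new Set(["require-corp", "credentialless"]);

// embedder / framed: { origin, headers, sameSite? } (hypothetical shape).
// Returns the list of reasons the frame would be blocked (empty = loads).
function diagnoseFrameBlock(embedder, framed) {
  const reasons = [];
  const sameOrigin = embedder.origin === framed.origin;

  // X-Frame-Options is evaluated on the FRAMED response, not the embedder's.
  const xfo = token(framed.headers, "x-frame-options");
  if (xfo === "deny" || (xfo === "sameorigin" && !sameOrigin)) {
    reasons.push("framed page sends X-Frame-Options: " + xfo);
  }

  // COEP on the embedder: the child must opt in with its own COEP ...
  const parentCoep = token(embedder.headers, "cross-origin-embedder-policy");
  if (ISOLATING.has(parentCoep)) {
    const childCoep = token(framed.headers, "cross-origin-embedder-policy");
    if (!ISOLATING.has(childCoep)) {
      reasons.push("embedder COEP is " + parentCoep + " but framed page sends no compatible COEP");
    }
    // ... and a cross-origin child must also allow itself via CORP.
    if (!sameOrigin) {
      const corp = token(framed.headers, "cross-origin-resource-policy");
      const ok = corp === "cross-origin" || (corp === "same-site" && framed.sameSite === true);
      if (!ok) reasons.push("framed page lacks a Cross-Origin-Resource-Policy that permits this embedder");
    }
  }
  return reasons;
}

// Constructed sample: a page with helmet-style headers embedding a third-party frame.
const page = {
  origin: "https://app.example",
  headers: { "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp" },
};
const widget = { origin: "https://video.example", headers: {} };
console.log(diagnoseFrameBlock(page, widget));
```

If the embedding page needs cross-origin isolation, the alternative to turning COEP off is for the framed site to send `Cross-Origin-Resource-Policy: cross-origin` together with its own COEP header.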