add_header X-Frame-Options DENY; seems not working for us.
we are intended to display one of our hosted page as an iframe for PCI related issues, and we are succeded in that but to avoid clickjacking, we were recommended to use x-frame-options DENY but we can't do that since we want our users to use the frame we developed, so the solution might be using x-frame-options ALLOW FROM uri.
we are trying add_header X-Frame-Options DENY; to see if our application is restricting the iframe in the first place but the iframe is still visible. we verified several times if the add header might be in wrong place in the nginx conf, but it is not.
P.S. the below image is for ref but we can still see the angular application rendering the frame succesfully :(
from add_header X-Frame-Options DENY; in nginx conf is not working, i can still see the iframe in our application

No comments:
Post a Comment