x-frame-option=sameorigin

amsire2 · April 18, 2023, 1:42am

Hi, may I know on how to set x-frame-option=sameorigin in my phpmaker project?

mobhar · April 18, 2023, 6:02am

There is nothing you can do from PHPMaker project side.

X-Frame-Options works only by setting through the HTTP header, as in the examples below.Configuring Apache
To configure Apache to send the X-Frame-Options header for all pages, add this to your site’s configuration:

Header always set X-Frame-Options "SAMEORIGIN"

To configure Apache to set the X-Frame-Options DENY, add this to your site’s configuration:

Header set X-Frame-Options "DENY"

Configuring Nginx
To configure Nginx to send the X-Frame-Options header, add this either to your http, server or location configuration:

add_header X-Frame-Options SAMEORIGIN always;

Configuring IIS
To configure IIS to send the X-Frame-Options header, add this to your site’s Web.config file:

<system.webServer>
  …

  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>

  …
</system.webServer>

For more info, please read X-Frame-Options.

amsire2 · April 19, 2023, 7:06am

Where should I put this code Header always set X-Frame-Options “SAMEORIGIN”?

mobhar · April 19, 2023, 3:39pm

It actually depends on which web server are you using? If for example, you are using IIS, then add the code to your site’s Web.config file. Otherwise, you should put it in .htaccess file.

amsire2 · May 9, 2023, 3:12am

mobhar wrote:

It actually depends on which web server are you using? If for example, you
are using IIS, then add the code to your site’s > Web.config > file.
Otherwise, you should put it in > .htaccess > file.

So in .htaccess I just put the Header always set X-Frame-Options “SAMEORIGIN”. Is it correct?

mobhar · May 9, 2023, 3:17am

Yes, it is.