How to Handle iFrame Blocking

Some websites cannot be displayed inside an iFrame (iFrame blocking). In order to allow your website to be hosted inside the Roojoom frame please follow the below instructions regarding your webpage HTTP Header.

 

  • Option 1

    Remove the HTTP header below:

    X-FRAME-OPTIONS: SAMEORIGIN
    Or
    X-FRAME-OPTIONS: DENY


  • Option 2

    In case your HTTP Header is

    X-FRAME-OPTIONS: SAMEORIGIN

    First, you need to setup a private domain while using Roojoom.
    Click here to learn about private domain setup

    Second, in order for the sub domains to allow interaction, the http headers need to be updated to:
    ------------------------------------------------------
    Content-Security-Policy: frame-ancestors ‘self’ example.com *.example.com
    X-Content-Security-Policy: frame-ancestors ‘self’ example.com *.example.com
    X-FRAME-OPTIONS: ALLOW-FROM https://roojoom.example.com 
    ------------------------------------------------------
    * NOTE: if allow-from is starting with https then the CJs must run in HTTPS mode too.
     

    Detailed explanation:
    Current server headers:
    ------------------------------------------------------
    X-Frame-options: SAMEORIGIN
    ------------------------------------------------------
    This was probably added for security reasons.
    However it blocks the ability of roojoom to host the content pages.
     
     
    Suggested new server headers:
    ------------------------------------------------------
    Content-Security-Policy: frame-ancestors ‘self’ example.com *.example.com
    X-Content-Security-Policy: frame-ancestors ‘self’ example.com *.example.com
    X-FRAME-OPTIONS: ALLOW-FROM https://roojoom.example.com 
    ------------------------------------------------------
     
     
    Headers Explanation:
    1. X-FRAME-OPTIONS: ALLOW-FROM - will un-block the issue in Microsoft Internet Explorer >8
    2. Content-Security-Policy: frame-ancestors will un-block the issue in Chrome + Firefox 
    3. X-Content-Security-Policy: frame-ancestors will un-block the issue in Microsoft Internet Explorer 10
    references:


    Example:
  • top domain: example.com
  • site content in: www.example.com
  • private domain (in roojoom): roojoom.example.com


Have more questions? Submit a request

0 Comments

Article is closed for comments.