So I have built a form in Laravel and am hosting it externally. I want to display it within an HTML page, but am having issues with X-Frame-Options.
The exact error message is:
Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I have seen on previous StackOverflow answers that this is due to FrameGuard Middleware but this has since been removed and the issue line of code is not in that file.
Laravel Version 5.3.
I have also tried to set the X-Frame-Options in the Nginx config file using the following, with no result:
sed -i 's/http\ {/http\ {\nadd_header X-Frame-Options SAMEORIGIN, false;\n\n/' /etc/nginx/nginx.conf
This error is occurring in multiple browsers. Tested: Chrome & Safari.
In my case, nginx was the one preventing the access.
Run:
And check the output:
After replacing DENY with SAMEORIGIN, everything started working as expected.
Set your header on the response from the frame to
where example.com is the domain requesting the form.
You could use middleware in Laravel to do this.
Generate a new middleware.
Then in the handle function of the middleware you just created, do something like:
You can then add this to one of the middleware arrays in Kernel.php
Or to one of the middleware group arrays if you want to add it only to specific routes.
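One way to write the middleware this answer describes, as an added example that is not code from the original post. The class name `AllowFraming`, the route alias `allow.framing` and the origin `https://example.com` are assumptions, and the header used is this example's choice: the Content-Security-Policy `frame-ancestors` directive, which can name a specific embedding origin where `X-Frame-Options` only offers `DENY` and `SAMEORIGIN` in current browsers.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Hypothetical middleware (not from the original answer): lets a fixed list
// of origins embed the response in a frame, and nobody else.
class AllowFraming
{
    // Assumption: the page that embeds the form is served from this origin.
    // List full origins (scheme + host); never use '*' here, since that would
    // remove the clickjacking protection for the form entirely.
    private $allowedAncestors = ['https://example.com'];

    public function handle($request, Closure $next)
    {
        $response = $next($request);

        // Drop any X-Frame-Options value set earlier inside the application,
        // so it does not contradict the policy below.
        $response->headers->remove('X-Frame-Options');

        // 'self' keeps same-origin framing working; each listed origin is
        // additionally allowed to frame this response.
        $policy = "frame-ancestors 'self' " . implode(' ', $this->allowedAncestors);

        // Third argument false: add this as a further policy header instead
        // of overwriting a Content-Security-Policy the app already sends.
        $response->headers->set('Content-Security-Policy', $policy, false);

        return $response;
    }
}

// Registration in app/Http/Kernel.php, limited to the routes that serve the
// embedded form (the alias name is an assumption):
//
//   protected $routeMiddleware = [
//       'allow.framing' => \App\Http\Middleware\AllowFraming::class,
//   ];
```

A header added by nginx with `add_header` is applied outside PHP, so this middleware cannot remove it; an `X-Frame-Options` line in the nginx configuration has to be dropped or scoped there.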