Configure the X-Frame-Options add_headers correctly #3996
Comments
There are some instructions in the Troubleshooting section of https://freescout.net/module/knowledge-base/
Thanks for the suggestion. Starting from that article, I learned that to allow multiple sources it is necessary to use the "ALLOW-FROM origin" directive of X-Frame-Options, which however is obsolete, and some browsers may ignore it.
Header set Content-Security-Policy "frame-ancestors 'self' address1 address2 .... addressN;"
Try to add the following parameter in the .env file and clear cache:
Thanks for this other solution. I will try to apply it if, after a trial period, I still encounter difficulties; for now the CSP frame-ancestors declared in the Apache security configuration seems to work. Thanks again.
Good morning. I'm trying to integrate the Knowledge Base module widget into my intranet site. Clicking on the popup tells me that the site refused the connection.
This is because my Apache is configured to avoid cross-site scripting (XSS) attacks.
The setting that blocks attacks should be add_header X-Frame-Options set to "SAMEORIGIN".
I would also like to allow intranet servers to access the Knowledge Base; the web servers can be reached by entering the same domain as the FreeScout server.
I would like help on how to configure my Apache to allow the opening of iframes also from certain URLs or IP addresses as well as from SAMEORIGIN.
Thank you!
PHP version: PHP 8.2.10-2ubuntu1
FreeScout version: 1.8.137
Database: MySQL / PostgreSQL: Mysql (8.0.35)
Are you using CloudFlare: Yes / No: NO