Configure the X-Frame-Options add_headers correctly #3996
Comments
|
There are some instructions in the Troubleshooting section of https://freescout.net/module/knowledge-base/ |
|
thanks for the suggestion, starting from that article I learned that to allow multiple sources it is necessary to use the "ALLOW-FROM origin" directive of the X-Frame-Options, which however is obsolete, and some browsers may ignore it. Header set Content-Security-Policy "frame-ancestors 'self' address1 address2 .... addressN;" |
|
Try to add the following parameter in the .env file and clear cache: |
|
thanks for this other solution, I will try to apply it if after a trial period I still encounter difficulties, for now the CSP frame-ancestors declared in the Apache security configuration seem to work. Thanks again |
Good morning. I'm trying to integrate the Knowledge Base module widget into my intranet site. Clicking on the popup tells me that the site refused the connection.
This is because my Apache is configured to avoid cross-site scripting (XSS) attacks.
The setting that blocks attacks should be add_header X-Frame-Options set to "SAMEORIGIN".
I would also like to allow intranet servers to access the Knowledge Base, web servers can be reached by entering the same domain as the FreeScout server.
I would like help on how to configure my Apache to allow the opening of iframes also from certain URLs or IP addresses as well as from SAMEORIGIN.
Thank you!
PHP version: PHP 8.2.10-2ubuntu1
FreeScout version: 1.8.137
Database: MySQL / PostgreSQL: Mysql (8.0.35)
Are you using CloudFlare: Yes / No: NO
The text was updated successfully, but these errors were encountered: