Edit History

Andrei H

Hello,

First off, while the content inside that link seems to have been updated recently, please also have a look at the official MDN documentation on X-Frame-Options - as you can see, this feature is no longer recommended. You can still use it for old browsers, but you would want to pair it with the Content-Security-Policy header (specifically, frame-ancestors), as this is the recommended one.

Now, getting back to the actual subject. If you try and inspect the page, you will see that PrestaShop opens an iframe when you click that New product button. The deny option will not allow the page to be displayed in an iframe.

The option you might want to go with is Content-Security-Policy: frame-ancestors 'self' - which is the equivalent of X-Frame-Options: sameorigin (maybe pair it with this one as well, but all modern browsers support CSP anyway) - this will ensure a page of your site can be opened in an iframe only by the same site.
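
The header combinations discussed in the post above, modelled as an added example that is not part of the original post or of PrestaShop's code. It shows why DENY blocks the shop's own iframe while frame-ancestors 'self' allows it, and that frame-ancestors takes precedence over X-Frame-Options when both are sent. The origins, header sets and function names are constructed for illustration.

```javascript
// Added example, not from the original post. Simplified model: only the direct
// parent is checked, and frame-ancestors sources are limited to 'none', 'self',
// '*' and exact origins (no wildcard hosts or scheme-only sources).

// Return the frame-ancestors source list from a CSP header value, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Decide whether a page served from pageOrigin may be framed by parentOrigin.
function mayFrame(headers, pageOrigin, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const sources = parseFrameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // frame-ancestors is present: CSP-capable browsers ignore X-Frame-Options.
    // An empty list or 'none' matches no origin, so some() returns false.
    return sources.some((s) =>
      s === '*' ||
      (s.toLowerCase() === "'self'" && parentOrigin === pageOrigin) ||
      s.toLowerCase() === parentOrigin.toLowerCase());
  }

  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return false;
  if (xfo === 'sameorigin') return parentOrigin === pageOrigin;
  return true; // no recognised anti-framing header: any site may frame the page
}

// Constructed sample origins and header sets.
const SHOP = 'https://shop.example';
const OTHER = 'https://other.example';
const denyOnly = { 'X-Frame-Options': 'DENY' };
const recommended = {
  'Content-Security-Policy': "frame-ancestors 'self'",
  'X-Frame-Options': 'SAMEORIGIN',
};

console.log('DENY, same site:', mayFrame(denyOnly, SHOP, SHOP));
console.log("'self', same site:", mayFrame(recommended, SHOP, SHOP));
console.log("'self', other site:", mayFrame(recommended, SHOP, OTHER));
```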
