问题描述

我正在尝试实现可嵌入的小部件，其功能类似于Twitter嵌入式推文.最简单的解决方案(虽然可能不是最好的)似乎是嵌入了iframe或HTML5-但两者都被服务器上的X-Frame-Options标头阻止.

I'm trying to implement an embeddable widget, functioning similar to a Twitter embedded tweet. The simplest solution, though maybe not the best, appears to be an iframe or HTML5 embed - but both are being blocked by the X-Frame-Options header on the server.

我正在完全控制的专用服务器上运行PHP 5.3和Apache 2.2.

I'm running PHP 5.3 and Apache 2.2 on a dedicated server under my full control.

我尝试将iframe PHP文件的第一行放在第一行:

I've tried placing on the first line of the very first line of the iframe PHP file:

header_remove("X-Frame-Options");

我尝试将以下内容添加到.htaccess:

I've tried adding the following to .htaccess:

Header unset X-Frame-Options

我已经检查了httpd.conf，vhost .conf文件，甚至是PHP.INI，并搜索了"x-frame"-两者显然都不相关.

I've checked httpd.conf, the vhost .conf file, even PHP.INI, and searched for "x-frame" - nothing apparently relevant in either.

在我看到的此服务器上，没有mod_security或其他插件应该将其注入.

No mod_security or other plugins that should be injecting this on this server that I see.

无论我做什么，curl都会验证以下HTTP标头:

Yet curl verifies the following HTTP header no matter what I do:

X-Frame-Options: DENY

是否存在某些可能仍在强制该标头进入的位置，也许是名称奇怪的设置?

Is there some, maybe oddly named setting somewhere that could still be forcing this header in?

推荐答案

X-Frame-Options由ssl.conf强制插入.

X-Frame-Options was forced in by ssl.conf.

注释掉并重新启动Apache，可以使.htaccess和PHP标头管理再次起作用.

Commenting out and restarting Apache allowed .htaccess and PHP header management to work again.

这篇关于没有什么可以取消X-Frame-Options的设置(Apache，PHP 5.3)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！