javascript - How to drop X-Frame-Options response headers, allowing app to be iframed


My original issue is that I'm getting a Facebook dialog error: "An error occurred. Please try again later."

The thing that solves the issue is installing a Chrome extension:

Ignore X-Frame headers (https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe)

So I suspect it is due to the browser content policy.

Tested on: Chrome, Safari

OS: Mac OS X 10.10

Server: localhost/Node.js

I tried to solve the issue by installing the browser-policy package and setting it up:

server/policy.js

    // Relax framing and content policy at server startup
    Meteor.startup(function () {
      BrowserPolicy.framing.allowAll();
      BrowserPolicy.content.allowInlineScripts();
      BrowserPolicy.content.allowEval();
      BrowserPolicy.content.allowInlineStyles();
      BrowserPolicy.content.allowDataUrlForAll();
      BrowserPolicy.content.allowSameOriginForAll();
    });

    // The same calls again, outside Meteor.startup
    BrowserPolicy.framing.allowAll();
    BrowserPolicy.content.allowInlineScripts();
    BrowserPolicy.content.allowEval();
    BrowserPolicy.content.allowInlineStyles();
    BrowserPolicy.content.allowDataUrlForAll();
    BrowserPolicy.content.allowSameOriginForAll();

However, another issue comes up: external resources (fonts, the JavaScript Facebook SDK, etc.) couldn't be loaded because they violate the Content Security Policy.

Summary

I need to drop the X-Frame-Options response headers, allowing the app to be iframed by Facebook, either using browser policy or not, and of course without forcing users to install an extension.

Any help is appreciated. Thank you.

You can set the response header of requests coming from the server to the following value:

"x-frame-options", "allow-from samedomain, www.facebook.com/myfbsite"

You can set this header globally via a filter.
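
An added example, not part of the original question or answer: a Node.js helper that removes X-Frame-Options and instead sets the CSP frame-ancestors directive, which Chrome and Safari honor (they do not support X-Frame-Options ALLOW-FROM). The function names and ALLOWED_PARENTS are assumptions for illustration; the Facebook URL is the one quoted in the answer, and the response is assumed to carry at most one Content-Security-Policy header.

```javascript
// Added example, not code from the original page.
// Parents allowed to embed the app (assumed list; the URL is the one quoted above).
const ALLOWED_PARENTS = ["'self'", "https://www.facebook.com/myfbsite"];

// Build a frame-ancestors directive from a list of parents.
// frame-ancestors matches on origin, so any path is dropped here; non-HTTPS
// parents are rejected so a plain-HTTP page can never frame the app.
function buildFrameAncestors(parents) {
  const sources = parents.map((p) => {
    if (p === "'self'") return p;
    const u = new URL(p); // throws on malformed input
    if (u.protocol !== "https:") {
      throw new Error("only https parents are allowed: " + p);
    }
    return u.origin;
  });
  // An empty allow-list means nobody may frame the app.
  if (sources.length === 0) sources.push("'none'");
  return "frame-ancestors " + [...new Set(sources)].join(" ");
}

// Merge the directive into an existing policy string, replacing any
// frame-ancestors already present and leaving other directives untouched.
function mergeCsp(existing, directive) {
  const kept = String(existing || "")
    .split(";")
    .map((d) => d.trim())
    .filter((d) => d && !/^frame-ancestors(\s|$)/i.test(d));
  return [...kept, directive].join("; ");
}

// Apply to a Node http.ServerResponse (or anything with the same three
// methods) before the headers are sent.
function applyFramingPolicy(res, parents = ALLOWED_PARENTS) {
  res.removeHeader("X-Frame-Options");
  const current = res.getHeader("Content-Security-Policy");
  res.setHeader(
    "Content-Security-Policy",
    mergeCsp(current, buildFrameAncestors(parents))
  );
}
```

A policy that contains only frame-ancestors has no default-src, so it does not restrict loading of fonts or the Facebook SDK script.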

