• From: Australia
  • Registered: 01/25/2015
  • Posts: 32

Topic: Load denied by X-Frame-Options

Hi,

I have been working on migrating my private production environment (Ubuntu 16.04, Apache2) to HTTPS and found that there was an issue with FrontAccounting. The problem was that I could not edit or add items using Items and Inventory / Items as the JsHttpRequest would fail (leaving an explanation mark triangle). The issue was that the X-Frame-Options needed to be set in the Apache2 configuration.

The issue is described here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

The details are described here:
http://paulshipley.id.au/blog/load-denied-by-x-frame-options

Hope this helps.

PaulShipley's Website

  • From: Singapore, India, Chennai
  • Registered: 05/02/2009
  • Posts: 6,089

Re: Load denied by X-Frame-Options

Thanks @PaulShipley.

Apache 2.4 config for https:

<virtualhost *:443>
  ServerName fa24.local
  DocumentRoot "C:\Users\shipl\htdocs\fa24"
  <directory "C:\Users\shipl\htdocs\fa24">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Require all granted
    SSLRequireSSL
  </directory>

  Header always set X-Frame-Options SAMEORIGIN

  SSLEngine on
  SSLCertificateFile "C:\Apps\xampp\apache\conf\ssl.crt\fa-selfsigned.crt"
  SSLCertificateKeyFile "C:\Apps\xampp\apache\conf\ssl.key\fa-selfsigned.key"
</virtualhost>

apmuthu's Website