I’m working on allowing iframe embeds from another site to my Phoenix server.
Here’s the trouble I’m running into:
Conn.put_resp_header(conn, "content-security-policy", "frame-src 'self' https://mydomain")
results in the frame not displaying due to an error of ‘x-frame-options’ being set to “SAMEORIGIN” in Chrome.
Conn.put_resp_header(conn, "x-frame-options", "ALLOW-FROM https://mydomain")
as suggested above allows the iframe to work. However, I still get an error, even though the frame displays.
Problem: This doesn’t seem to be a whitelist, but I’m not certain.
The iframe is properly displaying on my whitelisted domain, on a completely different webservice than my Phoenix server. However, I can use a different computer, not on the whitelist, to display an iframe containing the site when hosted locally with a simple index.html and
The error it displays when running the index.html on my local, non-whitelisted computer is:
Invalid 'X-Frame-Options' header encountered when loading 'http://myPhoenixServer': 'ALLOW-FROM https://MyOtherHost' is not a recognized directive. The header will be ignored.
But, it still pulls the webpage from the Phoenix host and displays it in the iframe, CSS/JS/HTML and all.
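
Added example, not part of the original post: Chrome does not implement `ALLOW-FROM` and drops the header, which leaves the page with no framing restriction at all, and `frame-src` only controls what a page may embed, not who may embed it. The CSP directive that works as a framing allow-list is `frame-ancestors`, sketched below as a plug. The module name `MyAppWeb.Plugs.AllowFraming` and the `:origins` option are hypothetical, and it is assumed that the `SAMEORIGIN` header comes from `put_secure_browser_headers` in the router pipeline.

```elixir
defmodule MyAppWeb.Plugs.AllowFraming do
  @moduledoc "Allow-lists the origins that may embed this app in a frame (hypothetical module)."
  @behaviour Plug
  import Plug.Conn

  # In the router pipeline, after the default headers have been set:
  #   plug :put_secure_browser_headers
  #   plug MyAppWeb.Plugs.AllowFraming, origins: ["https://mydomain"]

  @impl true
  def init(opts) do
    origins = Keyword.fetch!(opts, :origins)

    Enum.each(origins, fn origin ->
      unless bare_https_origin?(origin) do
        raise ArgumentError, "not a bare https origin: #{inspect(origin)}"
      end
    end)

    # 'self' keeps same-origin framing working alongside the listed hosts.
    "frame-ancestors " <> Enum.join(["'self'" | origins], " ")
  end

  @impl true
  def call(conn, policy) do
    conn
    # X-Frame-Options: SAMEORIGIN would still block the allowed embedder,
    # so it is removed and frame-ancestors becomes the only framing rule.
    |> delete_resp_header("x-frame-options")
    # Replaces any content-security-policy set earlier; if the app already
    # sends one, append the frame-ancestors directive to it instead.
    |> put_resp_header("content-security-policy", policy)
  end

  # Exact scheme://host[:port] only. Rejecting spaces, ';', paths and
  # wildcards keeps a config typo from injecting extra CSP directives.
  defp bare_https_origin?(origin) do
    is_binary(origin) and Regex.match?(~r{\Ahttps://[A-Za-z0-9.-]+(:\d+)?\z}, origin)
  end
end
```

To check the result, load the page in an iframe from a host that is not in the list: the browser should refuse to render it and report a `frame-ancestors` violation in the console, rather than the "header will be ignored" message.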