X-frame-origin: what are my options for an iframe?

Hello there everyone!

I use a server management script and one of it’s features has been to embed a server monitoring script via i-frame. When I asked why the page no longer embedded properly, one of the developers stated that modern browsers block iframe embedding if the page is on a different port.

Is this something that can be overcome via either the iframe host or client page via setting x-frame-options?

Firefox console states:

Content Security Policy: The page’s settings blocked the loading of a resource at https://user@server.com/munin (“default-src”).

Thanks for your time!

This hasn’t got anything to do with the port. The problem here is that the website where the iframe is embedded in is sending a Content Security Policy that doesn’t include server.com to get iframes from.

To solve it, modify the Content Security Policy so it has frame-src https://server.com in there.

For more info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src