Hi
I have implemented in my general Apache config ban of all cross-options for websites and block any iframes and stuffs like that
Unhappy one of my customer needs it as he sells photo services ! I tried these directives in the virtual apache both SSL and non SSL of the customer account:
Header set Access-Control-Allow-Origin "*"
Header set X-Frame-Options: "ALLOW-FROM https://iframetester.com/"
Restarted Apache but it still sends that header:
HTTP/1.1 302 Found
Date: Thu, 09 Feb 2023 14:30:59 GMT
Server: Apache
Strict-Transport-Security: max-age=31052000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://www.domainofmycustomer.fr/
Content-Length: 207
Connection: close
Content-Type: text/html; charset=iso-8859-1
General directives are not overridden by ones in virtual server ??
Thanks
Vincèn