You must have Javascript enabled to experience this site.

Load denied by X-Frame-Options

Posted & filed under Blog, Coding Tips, FrontAccounting.

Apache2 requires some additional configuration to work with HTTPS and FrontAccounting.

I have been working on migrating my private production environment to HTTPS (HTTPS for Ubuntu Apache with Self-Signed Certificates). Everything was going well until I found FrontAccounting was not working as it would not display existing items in Items and Inventory / Items or add new items. The Firefox Browser Console had messages saying that requests had been blocked due to ‘Load denied by X-Frame-Options’.

Fortunately Mozilla had a very clear explanation of the issue and the required settings to make it work.

Adding an extra setting (‘Header always set X-Frame-Options SAMEORIGIN’) to the virtual host configuration corrected the issue.

So my configuration was now:

<virtualhost *:443>
  ServerName fa24.local
  DocumentRoot "C:\Users\shipl\htdocs\fa24"
  <directory "C:\Users\shipl\htdocs\fa24">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Require all granted

  Header always set X-Frame-Options SAMEORIGIN

  SSLEngine on
  SSLCertificateFile "C:\Apps\xampp\apache\conf\ssl.crt\fa-selfsigned.crt"
  SSLCertificateKeyFile "C:\Apps\xampp\apache\conf\ssl.key\fa-selfsigned.key"