Load denied by X-Frame-Options

Apache2 requires some additional configuration to work with HTTPS and FrontAccounting.

I have been working on migrating my private production environment to HTTPS (HTTPS for Ubuntu Apache with Self-Signed Certificates). Everything was going well until I found FrontAccounting was not working as it would not display existing items in Items and Inventory / Items or add new items. The Firefox Browser Console had messages saying that requests had been blocked due to ‘Load denied by X-Frame-Options’.

Fortunately Mozilla had a very clear explanation of the issue and the required settings to make it work.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Adding an extra setting (‘Header always set X-Frame-Options SAMEORIGIN’) to the virtual host configuration corrected the issue.

So my configuration was now:


<virtualhost *:443>
  ServerName fa24.local
  DocumentRoot "C:\Users\shipl\htdocs\fa24"
  <directory "C:\Users\shipl\htdocs\fa24">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Require all granted
    SSLRequireSSL
  </directory>

  Header always set X-Frame-Options SAMEORIGIN

  SSLEngine on
  SSLCertificateFile "C:\Apps\xampp\apache\conf\ssl.crt\fa-selfsigned.crt"
  SSLCertificateKeyFile "C:\Apps\xampp\apache\conf\ssl.key\fa-selfsigned.key"
</virtualhost>

24 views

Need help? Let me take of your IT issues.

Share this page

Close Menu