Load denied by X-Frame-Options

Apache2 requires some additional configuration to work with HTTPS and FrontAccounting.

I have been working on migrating my private production environment to HTTPS (HTTPS for Ubuntu Apache with Self-Signed Certificates). Everything was going well until I found FrontAccounting was not working as it would not display existing items in Items and Inventory / Items or add new items. The Firefox Browser Console had messages saying that requests had been blocked due to ‘Load denied by X-Frame-Options’.

Fortunately Mozilla had a very clear explanation of the issue and the required settings to make it work.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Adding an extra setting (‘Header always set X-Frame-Options SAMEORIGIN’) to the virtual host configuration corrected the issue.

So my configuration was now:


<virtualhost *:443>
  ServerName fa24.local
  DocumentRoot "C:\Users\shipl\htdocs\fa24"
  <directory "C:\Users\shipl\htdocs\fa24">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Require all granted
    SSLRequireSSL
  </directory>

  Header always set X-Frame-Options SAMEORIGIN

  SSLEngine on
  SSLCertificateFile "C:\Apps\xampp\apache\conf\ssl.crt\fa-selfsigned.crt"
  SSLCertificateKeyFile "C:\Apps\xampp\apache\conf\ssl.key\fa-selfsigned.key"
</virtualhost>

163 views

Need help? Let me take of your IT issues.

Share this page

Share on facebook
Share on linkedin
Share on twitter
Share on print
Share on email
Close Menu