Best Practices/ Recipes
The button product works perfectly well with the chrome browser, but on the firefox browser the button needs an additional x-frame option to be entered to make the function better.
The added security is provided only if the user accessing the document is using a browser that supports
uriThe legacy Firefox implementation still suffered from a problem, it doesn't check the frame ancestors to see if they are in the same origin. The
Content-Security-PolicyHTTP header has a
frame-ancestorsdirective which you can use instead. We can add the following to the specification depending on the web engine :- X-Frame-Options : 'ALLOW-FROM https://rocketium.com' For Nginx It is either add_header X-Frame-Options 'ALLOW-FROM https://rocketium.com'; or proxy_set_header X-Frame-Options 'ALLOW-FROM https://rocketium.com'; For Apache Header always set X-Frame-Options "ALLOW-FROM https://rocketium.com"