X-Frame-Options.
ALLOW-FROM uri
The legacy Firefox implementation still suffered from a problem: it doesn't check the frame ancestors to see if they are in the same origin. The Content-Security-Policy HTTP header has a frame-ancestors directive which you can use instead.
We can add the following header to the server configuration, depending on the web server:
X-Frame-Options: ALLOW-FROM https://rocketium.com
For Nginx
It is either
add_header X-Frame-Options 'ALLOW-FROM https://rocketium.com';
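or (note that proxy_set_header adds the header to the request nginx forwards to a proxied upstream server, not to the response the browser receives)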
proxy_set_header X-Frame-Options 'ALLOW-FROM https://rocketium.com';
For Apache
Header always set X-Frame-Options "ALLOW-FROM https://rocketium.com"
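To check which framing control a response actually relies on, the following added example (not part of the original page) audits a list of response headers and, when only ALLOW-FROM is sent, proposes the frame-ancestors replacement mentioned above. The function names and the sample headers are constructed for illustration; it relies on the fact that current browsers ignore an X-Frame-Options header carrying ALLOW-FROM.

```python
# Added example: audit the framing controls of an HTTP response.
# Function names and sample inputs are hypothetical, not from the page.

def parse_frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # An empty source list matches nothing, which is the same as 'none'.
            return tokens[1:] or ["'none'"]
    return None


def audit_framing(headers):
    """headers: list of (name, value) pairs. Returns (status, detail)."""
    xfo = [v.strip() for n, v in headers if n.lower() == "x-frame-options"]
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    policies = [p for p in map(parse_frame_ancestors, csp) if p is not None]

    if policies:
        # Browsers that support frame-ancestors use it and ignore X-Frame-Options.
        return ("ok", "frame-ancestors " + " ".join(policies[0]))
    if not xfo:
        return ("missing", "no framing control sent")

    parts = xfo[0].split()
    keyword = parts[0].upper() if parts else ""
    if keyword in ("DENY", "SAMEORIGIN") and len(parts) == 1:
        return ("ok", "X-Frame-Options " + keyword)
    if keyword == "ALLOW-FROM":
        # Obsolete value: suggest the CSP equivalent for the same origin.
        origin = parts[1] if len(parts) > 1 else "<origin>"
        return ("obsolete",
                "replace with: Content-Security-Policy: frame-ancestors " + origin)
    return ("invalid", "unrecognised X-Frame-Options value: " + xfo[0])


if __name__ == "__main__":
    # Constructed sample: the header this page configures, sent on its own.
    sample = [("X-Frame-Options", "ALLOW-FROM https://rocketium.com")]
    print(audit_framing(sample))
```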