Question Control Panel in iFrame / X-Frame-Options

Linus

New Pleskian
In Plesk Onyx there weren't any X-Frame-Options headers at all, so it was easy to implement the control panel in our customer center as an iframe.

With the new Obsidian release there are new response headers:
Code:
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

If we now create the user's session by the Plesk API, the browser is blocking the request.
After changing /etc/sw-cp-server/conf.d/plesk.conf and adding the header
Code:
X-Frame-Options: allow-from account.company.com
the browser is still blocking the request.

Any ideas to fix this issue?
 
Hi,

You need to hide the fastcgi header: fastcgi_hide_header X-Frame-Options;
You can add it in /etc/sw-cp-server/conf.d/{something}_plesk.inc

If you wish to restrict the iframe to a specific URL, use the following in the same file:
add_header Content-Security-Policy "frame-ancestors 'self' https://{URL};";
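
Added example, not part of the original thread: a Python model of how current browsers decide whether a response may be framed, following the X-Frame-Options processing in the HTML Standard and the CSP rule that frame-ancestors takes precedence over X-Frame-Options. The panel URL plesk.example.test:8443 and the unrelated host are constructed placeholders; only one parent frame is modelled and only 'self', 'none', * and full-origin sources are matched.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme))

def frame_ancestors_lists(csp_values):
    """Source list of every policy that carries a frame-ancestors directive."""
    found = []
    for policy in ",".join(csp_values).split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                found.append(parts[1:])
                break
    return found

def source_matches(src, page_url, parent_url):
    # Simplification: only 'self', * and full origins (scheme://host[:port]).
    if src.lower() == "'self'":
        return origin(parent_url) == origin(page_url)
    if src == "*":
        return True
    return "://" in src and origin(src) == origin(parent_url)

def framing_allowed(headers, page_url, parent_url):
    """headers: (name, value) pairs of the framed response; one parent frame."""
    get = lambda name: [v for n, v in headers if n.lower() == name]
    policies = frame_ancestors_lists(get("content-security-policy"))
    if policies:  # frame-ancestors present: X-Frame-Options is not consulted
        return all(any(source_matches(s, page_url, parent_url) for s in p)
                   for p in policies)
    xfo = {t.strip().lower() for t in ",".join(get("x-frame-options")).split(",") if t.strip()}
    if "deny" in xfo or (len(xfo) > 1 and xfo & {"sameorigin", "allowall"}):
        return False  # DENY, or conflicting values
    if "sameorigin" in xfo:
        return origin(parent_url) == origin(page_url)
    return True  # header absent, or an unrecognised value such as allow-from

PANEL = "https://plesk.example.test:8443/"   # constructed placeholder
PORTAL = "https://account.company.com/"      # host named in the thread
OTHER = "https://unrelated.example.test/"    # constructed placeholder
CSP = ("Content-Security-Policy", "frame-ancestors 'self' https://account.company.com;")

if __name__ == "__main__":
    print(framing_allowed([("X-Frame-Options", "SAMEORIGIN")], PANEL, PORTAL))  # False
    print(framing_allowed([CSP], PANEL, PORTAL), framing_allowed([CSP], PANEL, OTHER))
```

In this model a response carrying both SAMEORIGIN and an allow-from value is blocked, and allow-from on its own restricts nothing, so frame-ancestors is the header that actually limits embedding to the portal.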
 