创建帧重定向会导致Chrome丢弃X-Frame-Options错误
[英]Creating a frame redirect causes Chrome to throw X-Frame-Options error
问题描述
Refused to display 'http://sotaexchange.cloudapp.net/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I redirect my domain sotaexchange.com to a Discourse forum but get the above error. 
我将我的域名sotaexchange.com重定向到Discourse论坛,但得到上述错误。 If I switch it to an HTTP redirect there is no problem. 如果我将其切换到HTTP重定向,则没有问题。 I assume the problem is because my redirected to domain has the same text as the original domain and looks like trickery - what can I do to prevent this? 我认为问题是因为我重定向到域与原始域具有相同的文本,看起来像诡计 - 我该怎么做才能防止这种情况?
Edit 编辑
I am opening a bounty to get a better answer. 我正在打开奖金以获得更好的答案。 For more info, I am currently using Windows Azure to host the discourse site and redirecting from a few other domains that I own. 有关详细信息,我目前正在使用Windows Azure来托管话语站点并从我拥有的其他几个域重定向。 I don't want to use an HTTP redirect, I would like to use the Frame redirect. 我不想使用HTTP重定向,我想使用Frame重定向。
2 个解决方案
解决方案1
1 2014-02-24 03:02:59
The same origin policy requires that the document or script doing the accessing (the parent) have the same protocol , port, and domain as the resource it's accessing (the child). 相同的源策略要求进行访问的文档或脚本(父级)具有与其访问的资源(子级)相同的协议,端口和域。
If I understand correctly, you have a frame in a page on the domain sotaexchange.com , and it's trying to display content from the domain sotaexchange.cloudapp.net . 如果我理解正确,您在域sotaexchange.com上的页面中有一个框架,并且它正在尝试显示来自域sotaexchange.cloudapp.net内容。 This violates the same origin policy, and many browsers will reject it. 这违反了相同的原始政策,许多浏览器会拒绝它。 A regular HTTP redirect should always be ok. 常规的HTTP重定向应始终没问题。
解决方案2
1 已采纳 2014-03-03 14:48:43
It looks like you are trying to mask the url of the forum. 看起来你正试图掩盖论坛的网址。 Why don't you use the cname feature? 你为什么不使用cname功能? See cname on azure for more info. 有关详细信息,请参阅azure上的cname 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.