Agent sets http header “X-Frame-Options” to “SAMEORIGIN” but is there a way to override this?
I’m using Rocky and this isn’t working:
context.setHeader("X-Frame-Options", "ALLOW-FROM My_own_domain.com" );
Instead now there are two X-Frame-Options returned and browser falls back to “DENY”.
My agent is generating small webpage that I’m trying to embed into IFrame running in my own domain and “ALLOW-FROM” is needed for this.