On newer versions of Monitor, the Apache config will contain this line:
Header always append X-Frame-Options SAMEORIGIN
This is added for security purposes, but is likely to break external widgets.
In order to make external widgets work, users need to change this configuration to be more specific, for example with a rule like:
Header set Content-Security-Policy "frame-ancestors 'self' foo.bar.com;"
Users are encouraged to understand the purpose and effect of these policies before making changes: for the "frame-ancestors" example you may refer to the MDN docs on frame-ancestors.
Comments
0 comments
Please sign in to leave a comment.