I have been trying to allow another website to display an iFRAME of a pdf from our website. When they try to iFRAME it is blank and the error is:
Load denied by X-Frame-Options: http://longurl.pdf does not permit cross-origin framing.
I attribute this error to our site as inspecting the headers shows me:
X-Frame-Options: SAMEORIGIN
It is a wordrpess/Genesis site so I added in my functions.php
add_action('send_headers', 'xframe_options');
function xframe_options(){
header("X-Frame-Options: ALLOW-FROM https://amdsb-on.safeschools.com/");
}
I am still getting the blank page and the exact same error on the https://amdsb-on.safeschools.com/ site when trying to display the iFRAME
When I inspect my site now I see:
X-Frame-Options: ALLOW-FROM https://amdsb-on.safeschools.com/, SAMEORIGIN
All my research tells me this is what you should do to allow a specific site to iFRAME yours. is it because it is a pdf? Is it because one site has SSL and one doesn't?
Thanks for any help you can provide.