I have a domain in which I want to just allow some urls to be able to embed using Iframe, If I change comment bellow line I would be able to embed anything in my website to be shown as Iframe,But I don't want it to happen.
In other words, for example I just want to allow just these urls to be embed in other websites:
<iframe src="https://mywebsite.com/index.php#/embed/object?id=34"></iframe>
However I don't want other routes to be embed, like these:
<iframe src="https://mywebsite.com"></iframe>
<iframe src="https://mywebsite.com/index.php#/notembed/object?id=34"></iframe>
If I keep the X-Frame-Options: SAMEORGIN in my server configuration file, it would block any kind of iframe including above urls, in other hands if I remove it from my configuration file people can just embed anything in my website which is not secure.
The code is on EC2 , AWS. The domain is registered with Godaddy.com. And I use angularjs and php for coding.
The question is that is there anyway to just allow specific page exclusively to be allowed to embed using other websites?
Even if urls like this could be embed too that would be ok too:
https://mywebsite.com/embed/object?id=34