Publish HTTPS content onto HTTP page using iframe with HTTPS page x-frame-option set to DENY

151 views Asked by At

Trying to publish HTTPS content (login form) using iframe onto HTTP page. Have permission, but do not have access to source code of HTTPS page.

Standard attempts to publish iframe do not work with this HTTPS page content. Appears that HTTPS page x-frame-option set to DENY.

Is there any way to embed/frame/etc. this HTTPS content onto HTTP page despite x-frame objections?

This is a WordPress site. Not sure if that is relevant here.

1

There are 1 answers

0
Alexander O'Mara On

No there is not, and this actually have nothing to do with HTTP or HTTPS, it's how the X-frame-Options header works.

When a resource returns the header of X-Frame-Options: DENY, it is not possible to show it in any iframe or iframe-like window, not even one on the same site.

You said you have permission though, so perhaps you can get the service you are using to use the ALLOW-FROM option for your service. Something like this could be configured to allow your site to frame it.

X-Frame-Options: ALLOW-FROM https://example.com/