I just read ticket #25436. I can't seem to reply to that ticket but I ran into something related.
I want to show a certain page of my website in an iframe. This page has its own clean Joomla template without any of our corporate style or visual identity in it. There's just clean, unstyled HTML output.
When I:
- disable the X-frame-options in Admin tools and
- set the X-frame-origins header with PHP for my default corporate template
- do not set this header with PHP in the other template
- block using ?tmpl in the querystring with admin tools
At least then I have some sort of mediocre solution to avoid clickjacking for our official looking webpages. Only the other basic template can be iframed.
At least until Chrome and Safari properly support X-frame-origin.
Would this be better than nothing, you think?
Regards,
Wim
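
One way to check a per-template setup like the one described above, as an added example that is not part of the original post: classify each response's framing policy from its headers and list the pages that should be protected but can still be framed. The URLs, the `tmpl=component` value and the header sets are constructed sample data, and treating `ALLOW-FROM` as unprotected is an assumption made because not every browser honours it.

```python
# Added example (not from the original post): audit framing policy per response.

def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Return 'deny', 'sameorigin', 'restricted' or 'any' for one response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Browsers that support frame-ancestors use it instead of X-Frame-Options.
        if sources in ([], ["'none'"]):
            return "deny"
        if sources == ["'self'"]:
            return "sameorigin"
        return "any" if "*" in sources else "restricted"
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo.lower()
    # Assumption: ALLOW-FROM and unknown values count as unprotected, because
    # not every browser honours them.
    return "any"


def unprotected(pages):
    """URLs that must not be framed by other sites but currently can be."""
    return [url for url, must_protect, headers in pages
            if must_protect and framing_policy(headers) == "any"]


# Constructed sample responses (URLs and header sets are illustrative).
SAMPLE = [
    ("https://example.org/", True, {"X-Frame-Options": "SAMEORIGIN"}),
    ("https://example.org/widget", False, {}),  # bare template, meant to be framed
    ("https://example.org/?tmpl=component", True, {}),  # template switch not blocked
    ("https://example.org/about", True,
     {"X-Frame-Options": "ALLOW-FROM https://partner.example"}),
    ("https://example.org/login", True,
     {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}),
]

if __name__ == "__main__":
    for url in unprotected(SAMPLE):
        print("frameable but should not be:", url)
```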