I have a WordPress site hosted on LightSail (which uses bitnami). The domain is https://example.com
On a subdomain https://sub.example.com
I have another server running. On this server, I want to embed a page from the main domain https://example.com/a-page
. Currently, I am getting errors that permission is denied.
I have updated the htaccess file like so:
Header set X-Frame-Options "ALLOW-FROM https://*.example.com"
Header set Content-Security-Policy "frame-ancestors 'self' https: *.example.com"
Header set Referrer-Policy "strict-origin-when-cross-origin"
But the headers don’t seem to updating or allowing any iframe embeds. I’m not very well-versed on HTTP Headers so apologies if this is a rather silly question.
Thanks!
2 Answers
I was able to figure out that because Lightsail uses a Bitnami deployment of WordPress, Bitnami overrides the .htaccess
file.
Instead you have to update the /opt/bitnami/apache2/conf/httpd.conf
file by adding the following content:
<IfModule headers_module>
<IfVersion >= 2.4.7 >
Header always setifempty X-Frame-Options ALLOW-FROM https://*.example.com
</IfVersion>
<IfVersion < 2.4.7 >
Header always merge X-Frame-Options ALLOW-FROM https://*example.com
</IfVersion>
</IfModule>
Reference:
https://docs.bitnami.com/bch/apps/livehelperchat/configuration/enable-framing/