Mautic: 'X-Frame-Options' to 'sameorigin'

Created on 5 May 2019 · 1Comment · Source: mautic/mautic

Hello guys, first time here!

Have been in trouble to use a Mautic form in my landing page, got always the same error when trying to post the form via js..

Refused to display 'https://mkt.xxx.xx/form/submit?formId=1' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

My Mautic installation respond from the subdomain mkt.xxx and I'm trying to shoot the form from apex subdomain (root) but always got the same error.

I'm already set up on Mautic configuration to restrict domains (CORS) but nothing seens to work.

My version is 2.15.1, using from bitnami on aws.

Thank you for any help.

pending-feedback

Source

paulogr

Most helpful comment

@paulogr I was running into the same issue half a year ago. At that time there were some issues on github mentioning this problem but none of them really apply.

My problem was that mautic was running on a subdomain which was placed in a subfolder of the webroot where the main site was running. The main site's .htaccess had a line: Header always append X-Frame-Options SAMEORIGIN. This prevented the iframe to send back information tot the mautic form's iframe.

After adding the following line to .htaccess inside the mautic folder things worked like a charm again:
Header always unset X-Frame-Options.

You'll have to add this line every time you update Mautic.

wderuijter on 7 May 2019

❤2 👍2

>All comments

@paulogr I was running into the same issue half a year ago. At that time there were some issues on github mentioning this problem but none of them really apply.

After adding the following line to .htaccess inside the mautic folder things worked like a charm again:
Header always unset X-Frame-Options.

You'll have to add this line every time you update Mautic.

wderuijter on 7 May 2019

❤2 👍2

Was this page helpful?

0 / 5 - 0 ratings