Forum

Thread tagged as: Question, Problem, Configuration

Override X-Frame-Options for development?

Hello! I’ve just run into a snag while integrating my design/HTML into Perch. After adding the perch runtime to my pages, I'm no longer able to use the "Responsive Layouts" feature of my Web Developer Toolkit extension for Chrome. If you are not familiar with it, the Responsive Layouts feature displays the current page in a new tab/window, inserted into a series of little iframed viewports that mimic whatever viewport widths you want to keep an eye one — it's very handy for testing a design at multiple breakpoints simultaneously!

Before integration, this worked great. Since adding the Perch runtime to my pages, the little viewport iframes just appear blank. After much troubleshooting, I think I've tracked down the culprit to the following line in perch/core/lib/PerchUtil.class.php

line 1168        header('X-Frame-Options: deny');

From what I understand, the above line prevents questionable persons from inserting my site into an iframe for nefarious purposes. However, it also prevents me from using a tool that is a pretty integral part of my workflow.

Is it possible to add a line to my config — removed before the site goes live, of course — that will override this X-Frame-Options setting? Obviously, I don't want to go hacking about in Perch core!

Best, Abby

UPDATE My diagnostics...

SUMMARY INFORMATION

Perch: 2.8.13, PHP: 5.6.10, MySQL: mysqlnd 5.0.11-dev - 20120503 - $Id: 3c688b6bbc30d36af3ac34fdd4b7b5b787fe5555 $, with PDO
Server OS: Darwin, cgi-fcgi
Installed apps: content (2.8.13), assets (2.8.13), categories (2.8.13), perch_blog (4.6), perch_forms (1.8.3), perch_podcasts (1.1), perch_twitter (3.5.1)
App runtimes: <?php $apps_list = array( 'content', 'categories', 'perch_blog', 'perch_forms', 'perch_podcasts', 'perch_twitter' );
PERCH_LOGINPATH: /perch
PERCH_PATH: /Users/abby/Sites/_clients/fwc/fwc-2015/perch
PERCH_CORE: /Users/abby/Sites/_clients/fwc/fwc-2015/perch/core
PERCH_RESFILEPATH: /Users/abby/Sites/_clients/fwc/fwc-2015/perch/resources
Image manipulation: GD
PHP limits: Max upload 32M, Max POST 32M, Memory: 128M, Total max file upload: 32M
Resource folder writeable: Yes
SCRIPT_NAME: /perch/core/settings/diagnostics/index.php
REQUEST_URI: /perch/core/settings/diagnostics/
DOCUMENT_ROOT: /Users/abby/Sites/_clients/fwc/fwc-2015
HTTP_HOST: fwc-2015.dev
Abby Larsen

Abby Larsen 0 points

  • 6 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

6 years ago

Sure, add this to your config:

define('PERCH_SECURITY_HEADERS', false);
Abby Larsen

Abby Larsen 0 points
Registered Developer

6 years ago

This is great, thank you!