SOLVED Modal content blocked
I'm using a gallery component.
Clicking on a picture in this gallery opens a modal.
This modal contains another page, which is already published.
When I open the preview link, and click on the picture, the modal opens but its content won't load / it won't display anything, and I get this error in the console:
"Mixed Content: The page at 'https://visigo-3fe790.appdrag.site/preview/projets-proposition-2.html?from-preview=1&from=projets-proposition-2×tamp=1641832361546' was loaded over HTTPS, but requested an insecure frame 'http://www.visigo.fr/preview/projets-covea.html'. This request has been blocked; the content must be served over HTTPS."
Do you have any clue where that could be coming from? And how to fix this?
@jbenguira Hi! I changed the link to use the link with httpS and it still did not work, I had an error in the modal:
www.visigo.fr refused to connect.
but the console told me that X-Frame-Options "SAMEORIGIN" in the http headers were causing that.
So I'm not really sure what the best strategy is if we want to use X-Frame-Options, do you have a recommendation?
Because when I removed it from headers, the modal was working perfectly.
Joseph Benguira last edited by
@myriam-mira indeed X-Frame-Options "SAMEORIGIN" is made to block traffic from iframe from a different origin ...
you either you remove that custom header, or instead you configure it to allow your other origin (the domain when it needs to be accessible)
X-Frame-Options: ALLOW-FROM XXXXXXXXXXX
where XXXXXXXXXXX is the domain to allow access from