AbanteCart Community
eCommerce construction => How-to questions => Topic started by: Jimako on July 06, 2020, 02:34:12 AM
-
Hello,
I noticed in the changelog that there was this change:
Enforce same-origin iframe use only
And from controller.php I can see that there is some test rt param and embed mode.
I need to display a full product page inside an iframe (different domain). How should the URL look to pass this test now?
Thank you
-
It's a security policy question.
We added a defense against clickjacking attacks to the core/engine/controller.php file to prevent exactly your case.
Somebody can cover checkout details fields with their own JS keylogger script from the parent frame. That's why we added this solution. To prevent theft.
That's why we recommend using embed mode for including the store in your existing site.
If you still prefer to use your own iframe, you can replace the header call in the file core/engine/controller.php
$this->response->addHeader('X-Frame-Options: SAMEORIGIN');
with your allowed domain name
$this->response->addHeader('X-Frame-Options: ALLOW-FROM www.yourdomain.com');
Beware of overwriting this custom solution during a future upgrade process.
-
Thanks for the info, much appreciated!
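
How current browsers treat the two header values from the answer above, as an added example that is not part of the original thread or of AbanteCart's code. Current browsers ignore the obsolete ALLOW-FROM value, so the code also models the CSP frame-ancestors directive, which the thread does not mention; the shop.example URLs and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

def origin_of(url):
    """Serialize scheme://host[:port]; input URLs are assumed to be absolute."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def frame_ancestors(csp):
    """Return the frame-ancestors source list of a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [s.lower() for s in parts[1:]]
    return None

def source_matches(src, page, parent):
    # Assumption: only '*', 'self' and exact origins are modelled here
    # (no wildcard hosts, no scheme-only sources). 'none' never matches.
    if src == "*":
        return True
    if src == "'self'":
        return parent == page
    return src.rstrip("/") == parent

def may_frame(headers, page_url, parent_url):
    """Decide whether parent_url may embed page_url in a single-level iframe.

    Models current browsers: frame-ancestors takes precedence over
    X-Frame-Options, and an X-Frame-Options value other than DENY or
    SAMEORIGIN (ALLOW-FROM included) is ignored, leaving no restriction.
    """
    h = {k.lower(): v for k, v in headers.items()}
    page, parent = origin_of(page_url), origin_of(parent_url)
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        return any(source_matches(s, page, parent) for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return parent == page
    return True  # header absent or value not honoured

# Constructed sample data
PAGE = "https://shop.example/product-page"
PARENT = "https://www.yourdomain.com/catalog.html"
OTHER = "https://unrelated.example/"
STOCK = {"X-Frame-Options": "SAMEORIGIN"}
EDITED = {"X-Frame-Options": "ALLOW-FROM www.yourdomain.com"}
WITH_CSP = {"X-Frame-Options": "SAMEORIGIN",
            "Content-Security-Policy": "frame-ancestors 'self' https://www.yourdomain.com"}
```

With EDITED alone, may_frame returns True for OTHER as well as PARENT, because the unrecognised value leaves the page with no framing restriction; WITH_CSP admits only the shop itself and the listed parent.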