Search the Community
Showing results for tags 'SAMEORIGIN'.
Not specificly related to PW, but in a way it does. I have setup two processwire installs on different sub-domains. Scenario: 1. Main website - visitors go here http://www.domain.com/ 2. Data API provider - RESTful API spitting out (cached) JSON objects http://data.domain.com/ Website 1 loads data trough AJAX / Angular.js from website 2 Since PW by default has the following line in the .htaccess file it will prevent access from cross domains requests that load in an iframe Header always append X-Frame-Options SAMEORIGIN One solution i found was to put the following line in my template file (or somekind of init.php file) at website 2, allowing website 1 to access header('Access-Control-Allow-Origin: http://www.domain.com'); That worked nice, until i installed the Procache module from Ryan. A logic change, since PHP is completely bypassed it does'nt set the headers anymore. The final solution: I removed the header line from the php file and put it in the .htaccess file just below the SAMEORIGIN line on website 2 Header always append X-Frame-Options SAMEORIGIN Header set Access-Control-Allow-Origin: "http://www.domain.com" Could be helpful to anybody, thats why i posted it here Update: found a nice script allowing any sub-domain of the origin host http://stackoverflow.com/a/19519690