
enable cors on iis - load denied by x-frame-options: does not permit cross-origin framing


There are several questions about that but I couldn't get the right answer yet. I give a short summary:

Company A has a website with an iframe in it. Company B gives the URL for that iframe. The user uses an application from Company B and with the settings the user chooses it sets up a URL which is delivered to the iframe from Company A.

However, the framing is not working yet because of x-frame-options. The error message is the following:

Load denied by X-Frame-Options: http://www.myurl.com:8088/myPath?panel=panel&user=username does not permit cross-origin framing.

I added

<httpProtocol>
    <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
    </customHeaders>
</httpProtocol>

to my web.config and also tried to add

<handlers>  
    <remove name="OPTIONS"/>
</handlers>

without any success.

I got those suggestions from this and this website to add CORS support on my IIS. As I mentioned above, without any success. I'm not that good in web development or IIS so maybe this question sounds stupid to you: Does Company A have to enable CORS or does Company B? Or both? And how? The suggestions I got from Google didn't help yet.

Suggestions appreciated.


Solution

  • That error message isn’t related to the Access-Control-Allow-Origin header nor to OPTIONS handling, so it’s expected that the changes described in the question wouldn’t have any effect.

    The cause instead is, the http://www.myurl.com:8088 server’s sending an X-Frame-Options response header in responses for requests to /myPath. So if you don’t want the server to do that, you need to figure out what part of the server code is causing that X-Frame-Options response header to be added, and remove that code.
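
An added example, not part of the original answer: a simplified JavaScript model of the browser's framing check, showing why `Access-Control-Allow-Origin` has no effect on this error. The function name `framingVerdict`, the `https://company-a.example` origin and the `SAMEORIGIN` value are assumptions; the page does not show the actual header value.

```javascript
// Simplified model of a browser's framing decision (added example).
// Handles X-Frame-Options DENY/SAMEORIGIN and CSP frame-ancestors with
// 'none', 'self', '*' and exact origins; host wildcards are not modelled.
function framingVerdict(headers, framedUrl, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const selfOrigin = new URL(framedUrl).origin;

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const ok = directive.slice(1).some(src =>
      src === '*' ||
      (src.toLowerCase() === "'self'" && parentOrigin === selfOrigin) ||
      (src.includes('://') && new URL(src).origin === parentOrigin));
    return ok ? { allowed: true, by: null }
              : { allowed: false, by: 'Content-Security-Policy: frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, by: 'X-Frame-Options' };
  if (xfo === 'SAMEORIGIN' && parentOrigin !== selfOrigin)
    return { allowed: false, by: 'X-Frame-Options' };

  // Access-Control-Allow-Origin is never consulted: CORS governs cross-origin
  // reads by scripts, not whether a document may be rendered in a frame.
  return { allowed: true, by: null };
}

// Constructed samples: the URL is the one in the question's error message;
// the Company A origin is a placeholder and SAMEORIGIN is an assumed value.
const FRAMED = 'http://www.myurl.com:8088/myPath?panel=panel&user=username';
const COMPANY_A = 'https://company-a.example';

// Company B's response as in the question: CORS header added, XFO still sent.
const before = framingVerdict(
  { 'X-Frame-Options': 'SAMEORIGIN', 'Access-Control-Allow-Origin': '*' },
  FRAMED, COMPANY_A);

// Company B stops sending XFO and names Company A as the only allowed parent.
const after = framingVerdict(
  { 'Content-Security-Policy': `frame-ancestors ${COMPANY_A}` },
  FRAMED, COMPANY_A);

console.log(before, after);
```

The response that carries these headers comes from Company B's server, so that is where the change has to be made; `frame-ancestors` limited to Company A's origin keeps the clickjacking protection for every other site.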