I have a Node app which runs on a domain and subdomains.
Example:
abc.com -> main server
abc.com/admin -> admin panel
a.abc.com -> a user portal
b.abc.com -> another user portal
Now I need to display "a.abc.com" in "abc.com" inside an iframe. If I use a.abc.com/admin, which also opens the admin portal, then I am able to see a.abc.com in the iframe, but if I log in with abc.com/admin and try a.abc.com or b.abc.com in the iframe, it gives the error:
Refused to display 'http://a.abc.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
How to allow this? I am using node / express.
I have used the helmet module
app.use(helmet())
which sets origin to sameorigin, so it allows it only for the same origin.
I changed it to
app.use(helmet({
  frameguard: false
}));
Now it works :)
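
A narrower alternative to switching frameguard off, as an added example that is not part of the original post: it removes X-Frame-Options and sends a CSP frame-ancestors directive that names only the parent site. The function names and the PARENT_ORIGINS value (http://abc.com, taken from the hostnames above) are assumptions.

```javascript
// Added example: Express-compatible middleware with no external dependencies.
// PARENT_ORIGINS is an assumption taken from the hostnames in the post.
const PARENT_ORIGINS = ['http://abc.com'];

// Build a CSP frame-ancestors directive from exact origins only.
function buildFrameAncestors(origins) {
  const sources = origins.map((o) => {
    if (o.includes('*')) throw new Error(`wildcards are not accepted: ${o}`);
    const u = new URL(o); // throws on malformed input
    // A bare origin round-trips unchanged: no path, query or credentials.
    if (u.origin !== o || !/^https?:$/.test(u.protocol)) {
      throw new Error(`not a bare http(s) origin: ${o}`);
    }
    return u.origin;
  });
  return ['frame-ancestors', "'self'", ...sources].join(' ');
}

// Middleware: mount after helmet() so it can adjust the headers helmet set.
function allowFraming(origins) {
  const directive = buildFrameAncestors(origins); // validate once at startup
  return function frameAncestorsMiddleware(req, res, next) {
    // X-Frame-Options has no portable way to name another origin, so remove it
    // and let frame-ancestors decide who may frame the response.
    res.removeHeader('X-Frame-Options');
    // Keep other CSP directives already set (assumes a single header value)
    // and replace any earlier frame-ancestors directive.
    const kept = String(res.getHeader('Content-Security-Policy') || '')
      .split(';')
      .map((d) => d.trim())
      .filter((d) => d && !/^frame-ancestors(\s|$)/i.test(d));
    res.setHeader('Content-Security-Policy', [...kept, directive].join('; '));
    next();
  };
}

// Usage in the app from the post:
//   app.use(helmet());
//   app.use(allowFraming(PARENT_ORIGINS));
```

With this in place, pages on a.abc.com and b.abc.com can be framed by themselves and by http://abc.com, and by no other site.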