I am getting refused to connect and Can’t Open This Page errors in Chrome and Firefox when pages of a Drupal 7 legacy site are embedded in iFrames. I know the X-Frame-Options are now set to SAMEORIGIN by default in Drupal 7 that is why I have following is in template.php. It used to work, but suddenly stopped working:
function spintx_preprocess(&$vars) {
header_remove('X-Frame-Options');
}
Why did this stop working all of a sudden? How can I troubleshoot this?
I tried to set the header in the htaccess file, but I don't think the Header module is enabled, so it didn't have any effect:
<IfModule mod_headers.c>
Header set X-FRAME-OPTIONS "ALLOWALL"
</IfModule>
Found these Drupal 8 solutions, but they don't help me: https://drupal.stackexchange.com/questions/188924/how-to-embed-drupal-content-in-other-sites-remove-x-frame-options-sameorigin
Instead of using the straight PHP header functions you want use Drupal's header functions. In particular you can use drupal_add_http_header to add a replacement to the default:
drupal_add_http_header('X-Frame-Options', 'ALLOW-FROM https://ALLOWED.SITE/')