因业务需要,官网需要显示在一个frame框架内,但Drupal安全限制,不允许其他域名的框架显示。
Since Drupal 7.50, core is now protected against clickjacking by default (X-Frame-Options: SAMEORIGIN).
So by default, your Drupal site can only be embedded into a site on the same domain.
To change those settings, assuming of course you understand the associated risks, follow the advice in the change record:
If you are using a module such as Security Kit that already writes the X-Frame-Options header on its own, that setting will be automatically respected (pending the patch at #2661644: Integrate with Drupal core clickjacking defense) and Drupal core will not overwrite it. The Security Kit module provides an administrative interface for setting this header, so it's a good choice if you need to override the default Drupal core behavior and aren't sure exactly how to do it.
Alternatively, set the 'x_frame_options' variable via any standard method, for example in settings.php:at all, even on this site itself.$conf['x_frame_options'] = 'DENY';
// Turn off the X-Frame-Options header entirely, to restore the previous // behavior of allowing the site to be embedded in a frame on another site. $conf['x_frame_options'] = '';
OR
// Set the "DENY" option to prevent the site from ever being embedded in a // frame at all, even on this site itself. $conf['x_frame_options'] = 'DENY';
See https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options for more information on the various options this header can take.
Removing the header (as shown in the first example code snippet above) should not be done lightly, or else your Drupal site could be embedded on other sites and then the user tricked into doing actions they don't want.
If you want to remove the X-Frame-Options header in hook_page_alter() or theme preprocess functions that run later you can remove the header like this (requires PHP >= 5.3):
header_remove('X-Frame-Options');当然还有一个简便的处理办法:
When on Drupal 8, you have the https://www.drupal.org/project/allow_iframed_site module perfectly doing the job. The module has an easy setup page for limiting iframing by path.
Drupal 8+ has a feature built into core that stops the site from being rendered within an iframe, there are good reasons for this - https://www.drupal.org/node/2514136 But sometimes you want your site in an iframe, so that's what this module does.
安装一个Allow_iframed_site插件,打开后即可。
鲁ICP备09092366号Copyright StarArly.com. All Rights Reserved. 
没有评论,留下你的印记,证明你来过。
◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。