Why Can't I Iframe My Site

I tried to iframe my site but the frame wouldn’t display any content. I don’t know what might be the cause. I used to be able to iframe my site only within my domain, and since I switched to Cloudflare, my site won’t display at all in an iframe tag. This also affects my sub-domains.

It has been fixed.

I just had to add security headers

I set up a worker as provided by Scott Helme on https://scotthelme.co.uk/security-headers-cloudflare-worker/


I made some simple custom changes and routed the worker to span the wildcard *.mydomain.com/*


// Headers set on every HTML response
let securityHeaders = {
	"Content-Security-Policy" : "upgrade-insecure-requests",
	"Strict-Transport-Security" : "max-age=31536000;includeSubDomains",
	"X-Xss-Protection" : "1; mode=block",
	"X-Frame-Options" : "SAMEORIGIN",
	"X-Content-Type-Options" : "nosniff",
	"Referrer-Policy" : "strict-origin-when-cross-origin",
}

// Headers whose value is overwritten
let sanitiseHeaders = {
	"Server" : "My New Server Header!!!",
}

// Headers stripped from the origin response
let removeHeaders = [
	"Public-Key-Pins",
	"X-Powered-By",
	"X-AspNet-Version",
]

addEventListener('fetch', event => {
	event.respondWith(addHeaders(event.request))
})

async function addHeaders(req) {
	let response = await fetch(req)
	let newHdrs = new Headers(response.headers)

	// Pass non-HTML responses through without touching their headers
	if (newHdrs.has("Content-Type") && !newHdrs.get("Content-Type").includes("text/html")) {
		return new Response(response.body , {
			status: response.status,
			statusText: response.statusText,
			headers: newHdrs
		})
	}

	Object.keys(securityHeaders).forEach(function(name) {
		newHdrs.set(name, securityHeaders[name]);
	})

	Object.keys(sanitiseHeaders).forEach(function(name) {
		newHdrs.set(name, sanitiseHeaders[name]);
	})

	removeHeaders.forEach(function(name){
		newHdrs.delete(name)
	})

	return new Response(response.body , {
		status: response.status,
		statusText: response.statusText,
		headers: newHdrs
	})
}




Turns out I could do it not only with Cloudflare Workers but also with Cloudflare Pages.


It is documented here: https://developers.cloudflare.com/pages/configuration/headers/
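
Added example, not part of the original thread or of the linked Worker: X-Frame-Options: SAMEORIGIN admits only the exact same origin as a parent frame, so one subdomain cannot frame another, while the CSP frame-ancestors directive can list subdomains. The sketch merges such a directive into the CSP string used above and checks which parents it would admit; example.com and both function names are assumptions, and the matcher is a simplified model of browser behaviour.

```javascript
// Added example. example.com is a placeholder domain; sample URLs are constructed.

// Return `csp` with any frame-ancestors directive replaced by `sources`.
function withFrameAncestors(csp, sources) {
  const kept = (csp || "")
    .split(";")
    .map((d) => d.trim())
    .filter((d) => d && !/^frame-ancestors(\s|$)/i.test(d));
  kept.push("frame-ancestors " + sources.join(" "));
  return kept.join("; ");
}

// Simplified frame-ancestors check for a single parent frame.
// Handles 'none', 'self', and scheme://host or scheme://*.host sources.
function ancestorAllowed(parentUrl, pageUrl, sources) {
  const parent = new URL(parentUrl);
  const page = new URL(pageUrl);
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return parent.origin === page.origin;
    const m = /^(https?):\/\/(\*\.)?([^/:]+)$/i.exec(src);
    // A source without a port only matches the scheme's default port.
    if (!m || parent.protocol !== m[1].toLowerCase() + ":" || parent.port) return false;
    const host = m[3].toLowerCase();
    // "*.host" covers subdomains only, never the bare host itself.
    return m[2] ? parent.hostname.endsWith("." + host) : parent.hostname === host;
  });
}

// X-Frame-Options: SAMEORIGIN behaves like frame-ancestors 'self'.
const sameOriginOnly = ["'self'"];
const withSubdomains = ["'self'", "https://*.example.com"];

const page = "https://www.example.com/widget";
const fromSubdomain = "https://app.example.com/dashboard";

// Value that could replace the "Content-Security-Policy" entry in securityHeaders.
const policy = withFrameAncestors("upgrade-insecure-requests", withSubdomains);
```

Browsers that support frame-ancestors enforce it in preference to X-Frame-Options when a response carries both headers.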
