Unset / allowall "X-Frame-Options" in cPanel without using ssh?

2Pro4u

• May 29, 2018 14:54

This new setting, which I believe cpanel has enforced in one of my recent cpanel updates to only the origin domain, needs to be changed on my server. I can see that there is a cpanel option called "Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd", but this notes that it sets the "X-Frame-Options" to "SAMEORIGIN". I need it either unset or set to ALLOWALL or the equivalent. I've attempted to follow this guide: jamesmaurer.com/enable-or-disable-x-frame-option-sameorigin.asp and tried both "all versions" of apache, and the specific version option. Restarted Apache through all the testing, and nothing worked. Is there any other option available to me, while staying inside cpanel GUI or .htaccess, or will I need to contact my support provider to do this via SSH command line? If possible, I'd like to be able to set it on a per-site basis.

• 

  cPanelMichael

  • May 29, 2018 21:43

  Hello @2Pro4u, The link you referenced is for Apache, and the setting you referenced is for cpsrvd (e.g. cPanel, WHM, Webmail). Are you attempting to modify the cpsrvd setting? If so, the following option is available under the Security tab in WHM >> Tweak Settings: Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd It defaults to OFF and per it's description: [QUOTE] Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a ,

  0
• 

  2Pro4u

  • May 29, 2018 22:52

  The "X-Frame-Options and X-Content-Type-Options headers with cpsrvd" setting is currently off, but iframes are NOT working across domains. The description for the setting notes: "When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN" We do not want SAMEORIGIN, we want all. The description, as far as my understanding, doesn't give any option for getting an "ALLOWALL" setting, it's only a radio button, on, and allow sameorigin, or off, and disallow all.

  0
• 

  cPanelMichael

  • May 30, 2018 13:28

  Hello @2Pro4u,

  but iframes are NOT working across domains.

  
  To clarify, is this for the website content of these domain names, or are you referring to the cPanel, WHM, & Webmail interfaces? The option you see in WHM >> Tweak Settings applies to cpsrvd and does not apply to Apache. Thus, it does not affect the actual web pages for your domain names. If you're looking to change that setting for your websites, you'd need to follow the instructions on a thread like this: Let me know if that helps. Thank you.

  0
• 

  2Pro4u

  • May 30, 2018 16:38

  I don't understand a lot of what's being talked about in that thread, and it seems like it actually not what I need. Basically, I just want my server to support iframes across domains, and the setting to not be overwritten when I update cpanel. What do I need to change to accomplish this, since someone along the chain of backend web softwares (cpanel,nginx,apache,cloudlinux) has pretty much broken the iframe tag from working completely, without some minuscule server setting change.

  0
• 

  cPanelMichael

  • May 30, 2018 16:52

  Hello @2Pro4u, You mentioned using Nginx. This software is not supported with cPanel & WHM. Can you let us know the specific plugin you used to install Nginx so we can check to see if this is a known issue with the third-party plugin you are using? Thank you.

  0
• 

  2Pro4u

  • May 30, 2018 18:15

  cPnginx Version 10.13

  0
• 

  cPanelMichael

  • May 31, 2018 14:36

  cPnginx Version 10.13

  
  Hello @2Pro4u, Can you temporarily disable Nginx and enable Apache to help determine if your Nginx configuration is the culprit? Or, consider reaching out to the support team of the Nginx application you are using to see if there's a specific configuration change you should make. Thank you.

  0

Please sign in to leave a comment.