We have a website which has pages that contains multiple frames from different sources. To illustrate, the page home.html has 3 frames which content is loaded from 3 different sites : a.com, b.com and c.com. I want to prevent "XFS vulnerability / X-Frame-Options parameter" I would like to use XFrameOptions with ALLOW-FROM option.
Can I set the XFrameOptions several times or can I set several ALLOW-FROM options to block the modification of the sources ?
We've tried to set several values to ALLOW-FROM, but we get the following message in the Web Agent logs :
[Thu Jul 20 2017 13:15:56][CSmHttpPluginConfig.cpp:2646][ERROR][sm-HTTPAgent-00340]
Invalid configuration: 'xframeoptions' has been specified more than once; using default value.