我需要在iframe中显示一些网站,我不能直接这样做,因为其中一些网站的标题X-Frame-Options设置为'SAMEORIGIN'。作为绕过这种方式的一种方法,我尝试在apache中使用反向代理。下面是我的apache配置
<VirtualHost *:80>
ServerName google.local
ProxyRequests Off
DocumentRoot /var/www/html/iframe-test
ProxyPass /test http://www.oracle.com/index.html
ProxyPassReverse /test http://www.oracle.com/index.html
ErrorLog /var/log/apache2/google.local-error.log
CustomLog /var/log/apache2/google.local-access.log combined
<Location *>
AllowOverride All
Order allow,deny
Allow from all
# Header always append X-Frame-Options "ALLOW-FROM all"
Header add test-header 'test'
</Location>
但我仍然无法在iframe中加载该网站,而是收到错误Load denied by X-Frame-Options: https://www.oracle.com/index.html does not permit cross-origin framing.
答案 0 :(得分:0)
上述配置的问题是代理仅适用于http协议。但是,如控制台错误消息中所示,外部站点实际上会自动将http重定向到https 因此,为了处理https请求,需要在apache中启用ssl并启用SSLProxyEngine。为此,
sudo a2enmod ssl
添加&#39; SSLProxyEngine On&#39;到上面的配置
<VirtualHost *:80>
ServerName google.local
ProxyRequests On
ProxyPreserveHost Off
SSLProxyEngine On
DocumentRoot /var/www/html/iframe-test
ProxyPass /test http://www.oracle.com/index.html
ProxyPassReverse /test http://www.oracle.com/index.html
ErrorLog /var/log/apache2/google.local-error.log
CustomLog /var/log/apache2/google.local-access.log combined
<Location *>
AllowOverride All
Order allow,deny
Allow from all
# Header always append X-Frame-Options "ALLOW-FROM all"
Header add test-header 'test'
</Location>
</VirtualHost>