1

我有apache 2.4 和mattermost 5.2。它们都在同一台服务器上。我已经配置了一个虚拟主机来指向端口 8065 上的最重要。以下是我的 conf 文件。

<VirtualHost *:80>
  ServerName subdomain.domain.in
  #ServerAdmin hostmaster@mydomain.com
  ProxyPreserveHost On

  # Set web sockets
  RewriteEngine On
  RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC,OR]
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* wss://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f

  <LocationMatch "^/api/v(?<apiversion>[0-9]+)/(?<apiusers>users/)?websocket">
    Require all granted
    ProxyPass ws://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
    ProxyPassReverse ws://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
    ProxyPassReverseCookieDomain 127.0.0.1 subdomain.domain.in
  </LocationMatch>

  <Location />
    Require all granted
    ProxyPass http://127.0.0.1:8065/
    ProxyPassReverse http://127.0.0.1:8065/
    ProxyPassReverseCookieDomain 127.0.0.1 subdomain.domain.in
  </Location>

</VirtualHost>

我正在尝试以以下方式从 Django 应用程序中的 anothersubdomain.domain.in/mattermost 加载 iframe

<iframe src="http://subdomain.domain.in"></iframe>

我正进入(状态

Refused to display 'http://subdomain.domain.in/' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"

我不想更改最重要的代码。有没有办法完成这个?

4

1 回答 1

1

在解决这个问题几天后,我找到了编辑Content-Security-PolicyX-Frame-Options的请求标头的解决方案。以下是我编辑的虚拟主机。

<VirtualHost *:80>
  ServerName subdomain.domain.in
  #ServerAdmin hostmaster@mydomain.com
  ProxyPreserveHost On

  # Set web sockets
  RewriteEngine On
  RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC,OR]
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* wss://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f

  Header edit Content-Security-Policy: "frame-ancestors 'self'" "frame-ancestors http://*.domain.in"
  Header edit X-Frame-Options "SAMEORIGIN" "allow-from http://*.domain.in"

  <LocationMatch "^/api/v(?<apiversion>[0-9]+)/(?<apiusers>users/)?websocket">
    Require all granted
    ProxyPass ws://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
    ProxyPassReverse ws://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
    ProxyPassReverseCookieDomain 127.0.0.1 subdomain.domain.in
  </LocationMatch>

  <Location />
    Require all granted
    ProxyPass http://127.0.0.1:8065/
    ProxyPassReverse http://127.0.0.1:8065/
    ProxyPassReverseCookieDomain 127.0.0.1 subdomain.domain.in
  </Location>

</VirtualHost>

在这里,我编辑了仅允许我域的所有子域使用的标题。

于 2018-09-18T15:30:48.503 回答