mit_lti_flask_sample icon indicating copy to clipboard operation
mit_lti_flask_sample copied to clipboard

Published 20 hours ago verified publisher icon mitodl

problem with x-frame-options on safari

Open njoliat opened this issue 6 years ago • 3 comments

hi, I have a project using pylti (based on mit_lti_flask_sample) which I've been testing in chrome and firefox. I recently tried it in safari and I get this error: "Invalid 'X-Frame-Options' header encountered when loading 'https://edge.edx.org/courses/course-v1:MITx+21m.030x+3T2017/xblock/block-v1:MITx+21m.030x+3T2017+type@lti_consumer+block@e3ab37cf7d6643a6a32edb9ea7783573/handler/lti_launch_handler': 'ALLOW' is not a recognized directive. The header will be ignored." has anyone had this kind of issue with LTI? thanks! Nick

njoliat avatar Mar 31 '18 02:03 njoliat

(i found this old thread which seems like it's about the same issue; not sure if that's the case and/or whether anything has changed?)

njoliat avatar Mar 31 '18 16:03 njoliat

Hi Nick. This does sound like the Safari issue we encountered. Unfortunately, we never found a completely satisfactory solution. However, that was over a year ago.

pdpinch avatar Mar 31 '18 18:03 pdpinch

@pdpinch I'd imagine this has already been considered, but based on this page it does indeed seem like the X-Frame-Options field isn't supposed to be 'ALLOW', and maybe should be some kind of 'ALLOW-FROM' option instead. Do we know why this currently is showing up as 'ALLOW', and how it might be possible to change it?

njoliat avatar Apr 19 '18 18:04 njoliat