X Frame-Options header is not a recognized directive

I am using Nextcloud (on Nginx) for a while now and I want to iframe it for another website. However the header does not accept my directives.

I changed the header option in /var/www/nextcloud/lib/private/legacy/response.php into the following:

header('X-Frame-Options: ALLOW-FROM https://example.com');

However when I make an example webpage with an iframe it gives me the following error:

Invalid 'X-Frame-Options' header encountered when loading 'https://nextcloud.example.com/apps/files/': 'ALLOW-FROM https://example.com' is not a recognized directive. The header will be ignored.

Does anyone have an idea why this does not work, thanks in advance.

This post was original posted on Stack Overflow: https://stackoverflow.com/questions/47719532/x-frame-options-header-is-not-a-recognized-directive?noredirect=1

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.