Recently I’ve got request to make magento backend working in iframe. Quick googling gives me link to official documentation with instructions on how to setup storefront to be displayed in iframe. I did not pay attention to storefront word at that point. Backend still not work in iframe and gives an error:
Refused to display 'https://site.com/admin/admin/dashboard/index/key/...../' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Apparently changes suggested by documentation did not work for backend. Further investigation gives me following files to check:
/www/nginx.conf /www/setup/pub/.htaccess /www/setup/src/Magento/Setup/Test/Unit/Model/ConfigGeneratorTest.php /www/setup/src/Magento/Setup/Model/ConfigGenerator.php /www/setup/src/Magento/Setup/Module.php /www/lib/internal/Magento/Framework/App/Response/HeaderProvider/XFrameOptions.php /www/pub/.htaccess /www/nginx.conf.sample
It appear that there is separate constant for backend in XFrameOptions.php. To update it you need to change following code:
/** Always send SAMEORIGIN in backend x-frame-options header */ const BACKEND_X_FRAME_OPT = 'SAMEORIGIN';
Useful Links
Magento 1 not working in iframe?
Magento Documentation – X-Frame-Options header