XFrameOptions.allow_from()

Set the (obsolete) ALLOW-FROM <origin> directive.

Usage

Source

XFrameOptions.allow_from(origin)

Warnings

This is an obsolete directive. Modern browsers that encounter response headers with this directive will ignore the header completely. Use CSP frame-ancestors instead.

Parameters

origin

An origin value (for example, https://example.com).

Returns

The XFrameOptions instance for method chaining.