Blocked by X-Frame-Options Policy

I am running Ghost CMS and mapped both and to the same Ghost site. When login to the admin page and click on “View site”, the following message appear in the right frame:

 Blocked by X-Frame-Options Policy

 An error occurred during a connection to

 Firefox prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.

This only happens for the url with ‘www’ in it.
but the one without it worked fine. The site is loaded in the right frame without problem.

From this documentation it indicated that this is to prevent other sites from embedding your site in a frame.
Right click on the frame to check source showed that no matter which admin url is used, the “View site” is always loading the one without the ‘www’ basically and that explains why the blocked message poppedup when using the admin url with ‘www’ in it.

Is there a way to ‘fix’ this so that both admin url would work?

@nycmits I’m going to reference a comment I made earlier because you’re doing the same thing. tl;dr you need to configure one domain to redirect all traffic to the other domain

1 Like