Blocked by X-Frame-Options Policy

I am running Ghost CMS and mapped both https://www.mydomain.com and https://mydomain.com to the same Ghost site. When I log in to the admin page and click on “View site”, the following message appears in the right frame:


 Blocked by X-Frame-Options Policy

 An error occurred during a connection to mydomain.com.

 Firefox prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.

This only happens for the URL with ‘www’ in it,
i.e. https://www.mydomain.com/ghost/#/site
but the one without it worked fine. The site is loaded in the right frame without a problem,
i.e. https://mydomain.com/ghost/#/site

This documentation, X-Frame-Options - HTTP | MDN, indicates that this is to prevent other sites from embedding your site in a frame.
Right-clicking on the frame to check the source showed that no matter which admin URL is used, “View site” always loads the one without the ‘www’, basically https://mydomain.com, and that explains why the blocked message popped up when using the admin URL with ‘www’ in it.

Is there a way to ‘fix’ this so that both admin URLs would work?

@nycmits I’m going to reference a comment I made earlier because you’re doing the same thing. tl;dr you need to configure one domain to redirect all traffic to the other domain

1 Like
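
The behaviour described in this thread, modelled as an added example (not part of the original posts and not Ghost's code): the frame check compares the origin of the admin page with the origin of the framed site, and a host-level redirect makes the two match. It assumes the site sends `X-Frame-Options: SAMEORIGIN`, which fits the symptom but is not stated in the thread; the function names are hypothetical.

```javascript
// Added illustration: how a browser applies X-Frame-Options to one level of framing,
// as in the Ghost admin "View site" pane.
// Assumption: the site answers with "X-Frame-Options: SAMEORIGIN".

// Origin = scheme + host + port, so "www.mydomain.com" and "mydomain.com" differ.
function origin(url) {
  return new URL(url).origin;
}

// Decide whether `framedUrl` may render inside a frame on the page at `parentUrl`.
function frameAllowed(parentUrl, framedUrl, xfoHeader) {
  const policy = (xfoHeader || "").trim().toUpperCase();
  if (policy === "") return true;       // no header: framing is not restricted
  if (policy === "DENY") return false;  // never frameable, even by itself
  if (policy === "SAMEORIGIN") return origin(parentUrl) === origin(framedUrl);
  return true; // other values (e.g. obsolete ALLOW-FROM) are ignored by modern browsers
}

// The fix from the reply: every request for a non-canonical host is redirected.
// Returns the Location for the redirect, or null if the host is already canonical.
function canonicalRedirect(requestUrl, canonicalHost) {
  const u = new URL(requestUrl);
  if (u.hostname === canonicalHost) return null;
  u.hostname = canonicalHost;
  return u.href;
}

function demo() {
  const XFO = "SAMEORIGIN";              // assumed header value
  const site = "https://mydomain.com/";  // what "View site" always loads, per the post
  const wwwAdmin = "https://www.mydomain.com/ghost/";
  const apexAdmin = "https://mydomain.com/ghost/";
  const redirected = canonicalRedirect(wwwAdmin, "mydomain.com");
  return {
    wwwAdmin: frameAllowed(wwwAdmin, site, XFO),        // false: origins differ
    apexAdmin: frameAllowed(apexAdmin, site, XFO),      // true: same origin
    redirected,                                         // "https://mydomain.com/ghost/"
    afterRedirect: frameAllowed(redirected, site, XFO), // true once admin is on the apex
  };
}

console.log(demo());
```

The `#/site` fragment is left out of the sample admin URLs because fragments are never sent to the server; the browser carries it across the redirect itself.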