X-Frame-Options error on Iframe Option [Self Hosted]

I am trying to use the Iframe option on self-hosted Invoice Ninja, but it seems Invoice Ninja is not creating the correct headers (even though I have put the main website’s invoice URL in the right field).

Here is the error message (xyz.com is not the real domain):
Refused to display ‘https://billing.xyz.com/client/sessionexpired’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.
billing.xyz.com/client/sessionexpired Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE

Here are the headers sent by InvoiceNinja:
Content-Type:text/html; charset=UTF-8
Date:Wed, 10 May 2017 17:55:04 GMT
Keep-Alive:timeout=5, max=100
Set-Cookie:XSRF-TOKEN=111%3D; expires=Thu, 11-May-2017 01:55:04 GMT; Max-Age=28800; path=/
Set-Cookie:222%3D; expires=Thu, 11-May-2017 01:55:04 GMT; Max-Age=28800; path=/; httponly

Maybe it’s related to the web server configuration.


Invoice Ninja should be able to add this header to the response because it knows the full URL of the iframe page.

I will try to manually add this header in Apache configuration for the meantime.

Thanks for the suggestion, we’ll look into it.
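
The check the browser performs in the error quoted at the top of the thread, as an added example that is not part of the original posts or Invoice Ninja's code: a simplified Node.js model of how X-Frame-Options and a CSP frame-ancestors directive decide whether a page may be framed. The parent origins `https://www.xyz.com` and `https://other.example` are constructed placeholders, and only the immediate parent and exact-origin sources are handled.

```javascript
// Simplified model of the browser's framing check (added example).
// Assumptions: only the immediate parent is checked (browsers check every
// ancestor) and frame-ancestors sources are 'none', 'self' or exact origins.
function framingDecision(headers, frameUrl, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const selfOrigin = new URL(frameUrl).origin;
  const parent = parentOrigin.toLowerCase();

  // 1. A CSP frame-ancestors directive, when present, replaces X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  const directive = csp.split(';')
    .map(d => d.trim().toLowerCase().split(/\s+/))
    .find(parts => parts[0] === 'frame-ancestors');
  if (directive) {
    const allowed = directive.slice(1).some(src =>
      src === "'self'" ? parent === selfOrigin : src === parent);
    return { allowed, by: 'frame-ancestors' };
  }

  // 2. Otherwise X-Frame-Options decides.
  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return { allowed: false, by: 'x-frame-options' };
  if (xfo === 'sameorigin') {
    return { allowed: parent === selfOrigin, by: 'x-frame-options' };
  }
  // Header absent, or a value modern browsers ignore (e.g. ALLOW-FROM):
  // nothing restricts framing, so any site could embed the page.
  return { allowed: true, by: 'none' };
}

// Constructed inputs: billing.xyz.com is the thread's placeholder; the parent
// origins below are assumed for illustration.
function demo() {
  const frame = 'https://billing.xyz.com/client/sessionexpired';
  const site = 'https://www.xyz.com';
  const csp = { 'Content-Security-Policy': "frame-ancestors 'self' https://www.xyz.com" };
  return {
    reported: framingDecision({ 'X-Frame-Options': 'sameorigin' }, frame, site),
    allowFrom: framingDecision({ 'X-Frame-Options': 'ALLOW-FROM ' + site }, frame, site),
    cspSite: framingDecision(csp, frame, site),
    cspOther: framingDecision(csp, frame, 'https://other.example'),
  };
}

console.log(demo());
```

The `allowFrom` case comes back as allowed only because modern browsers ignore that value entirely, so it gives no clickjacking protection; the `frame-ancestors` form is the one that permits the named parent while still refusing other origins.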