On 19/04/2021 11:21, Andy Burns wrote:
The Natural Philosopher wrote:

Andy Burns wrote:

The Natural Philosopher wrote:

Chris J Dixon wrote:

AIUI, it is the web site that has the strict policy,

no. it is a setting in the browser.

No, its a configuration option in the webserver that the browser
obeys, e.g. this page shows how to configure it for apache, nginx,
iis etc

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options


Not quite. Servers may request it, but browsers may or may not honour it.

The danger of relying on client-side security ...

But in this case it's irrelevant, the proper tickets iframe doesn't rely
on sameorigin,

it did wiv me i think

it's only the "you're blocked" page being substituted by
cloudflare that is triggering the error.



--
€œA leader is best When people barely know he exists. Of a good leader,
who talks little,When his work is done, his aim fulfilled,They will say,
€œWe did this ourselves.€�

ۥ Lao Tzu, Tao Te Ching