XFrameOptions
This is documentation about a configuration directive, which can be placed within Movable Type’s core configuration file, mt-config.cgi, to customize the behavior of the system.
This configuration directive was added in version MT6.2.
Specifies the value of the X-Frame-Options header. Possible values are as follows.
Values
- DENY
  - The screens made by Movable Type are not allowed to be displayed in a frame.
- SAMEORIGIN
  - The screens made by Movable Type are allowed to be displayed in a frame if the domain is the same.
- ALLOW-FROM uri
  - The screens made by Movable Type are allowed to be displayed in a frame if the domain is the same as the specified one.
- NONE
  - Movable Type will never output the X-Frame-Options header. (Added in MT 6.3.5.)
Default
SAMEORIGIN
Example
XFrameOptions ALLOW-FROM http://foo.example.com/
XFrameOptions ALLOW-FROM http://bar.example.com/
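
A check for this directive, as an added example (not part of the Movable Type documentation or code): it reads mt-config.cgi text and grades each XFrameOptions value listed above. The parsing rules (one name and value per line, `#` comments, case-insensitive names and keywords), the function names and the sample fragment are assumptions made for the example; the ALLOW-FROM warning reflects that current browsers ignore that value.

```python
from urllib.parse import urlparse

DEFAULT = "SAMEORIGIN"  # default value stated on this page

def classify(value):
    """Map one XFrameOptions value to (level, note)."""
    words = value.split()
    keyword = words[0].upper() if words else ""  # assumption: keywords are case-insensitive
    if keyword in ("DENY", "SAMEORIGIN") and len(words) == 1:
        return "ok", "framing restricted by X-Frame-Options: " + keyword
    if keyword == "NONE" and len(words) == 1:
        return "warn", "no X-Frame-Options header is sent; framing is unrestricted unless another layer sets one"
    if keyword == "ALLOW-FROM" and len(words) == 2:
        uri = urlparse(words[1])
        if uri.scheme in ("http", "https") and uri.netloc:
            return "warn", "ALLOW-FROM is ignored by current browsers; verify framing is actually blocked"
        return "error", "ALLOW-FROM needs an absolute http(s) URI"
    return "error", "unrecognised value"

def audit(config_text):
    """Return [(value, level, note)] for every XFrameOptions line found."""
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # assumption: blank lines and '#' comments are skipped
        parts = line.split(None, 1)
        if parts[0].lower() == "xframeoptions":  # assumption: name is case-insensitive
            value = parts[1].strip() if len(parts) > 1 else ""
            found.append((value,) + classify(value))
    if not found:
        # Directive absent: the documented default applies.
        return [(DEFAULT,) + classify(DEFAULT)]
    return found

# Constructed mt-config.cgi fragment, for illustration only.
SAMPLE = """\
# constructed sample
CGIPath /cgi-bin/mt/
XFrameOptions ALLOW-FROM http://foo.example.com/
"""

if __name__ == "__main__":
    for value, level, note in audit(SAMPLE):
        print(f"[{level}] XFrameOptions {value}: {note}")
```

A file that lists the directive more than once produces one result per line, so duplicates are visible in the output and can be reviewed by hand.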