Node-RED: Use an HTTP node with an iFrame
This documentation is part of the Getting started guide. View the full guide here: How to get started with Node-RED.
👋 Welcome to the Stackhero documentation!
Stackhero offers a ready-to-use Node-RED cloud solution that provides a host of benefits, including:
- MQTT server included (Mosquitto).
- Full access to Node-RED admin UI.
- Node-RED Dashboard included.
- Unlimited and dedicated SMTP email server included.
- Effortless updates with just a click.
- Customizable domain name secured with HTTPS (for example, https://node-red.your-company.com).
- Optimal performance and robust security powered by a private and dedicated VM.
Save time and simplify your life: it only takes 5 minutes to try Stackhero's Node-RED cloud hosting solution!
When using an iFrame to request content via an HTTP node, the default header X-Frame-Options: SAMEORIGIN might prevent the page from displaying. Starting with Node-RED version 1.2.2-0, you can override this default header.
To do so, set the header X-Frame-Options to null on your HTTP response node. For example:
msg.headers = { "X-Frame-Options": null };
Example of a node setting the header X-Frame-Options
You can download this flow example and import it into your Node-RED instance to test the feature.
Note that you can also restrict allowed domains using the headers Content-Security-Policy: frame-ancestors <source> or X-Frame-Options: ALLOW-FROM <source>.