Node-RED: Use an HTTP node with an iFrame

This documentation is part of the Getting started guide. View the full guide here: How to get started with Node-RED.

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Node-RED cloud solution that provides a host of benefits, including:

  • MQTT server included (Mosquitto).
  • Full access to Node-RED admin UI.
  • Node-RED Dashboard included.
  • Unlimited and dedicated SMTP email server included.
  • Effortless updates with just a click.
  • Customizable domain name secured with HTTPS (for example, https://node-red.your-company.com).
  • Optimal performance and robust security powered by a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Node-RED cloud hosting solution!

When using an iFrame to request content via an HTTP node, the default header X-Frame-Options: SAMEORIGIN might prevent the page from displaying. Starting with Node-RED version 1.2.2-0, you can override this default header.

To do so, set the header X-Frame-Options to null on your HTTP response node. For example:

msg.headers = { "X-Frame-Options": null };

Example of a node setting the header X-Frame-OptionsExample of a node setting the header X-Frame-Options

You can download this flow example and import it into your Node-RED instance to test the feature.

Note that you can also restrict allowed domains using the headers Content-Security-Policy: frame-ancestors <source> or X-Frame-Options: ALLOW-FROM <source>.