'X-Frame-Options' (frame does not open) in MS Edge

Installation & Configuration
1

Hi team,

I am running a SuSE Linux server with

  1. Apache 2.4.51 (not docker)
  2. Owncloud 10.8.0 (not docker)
  3. CODE 21.06.9 (rpm packages, not docker)

This is my apache conf for collabora

########################################

Reverse proxy for Collabora Online

########################################
<VirtualHost *:443>

ServerName collabora.myserver.dee

ErrorLog /var/log/apache2/collabora.myserver.de-error_log
TransferLog /var/log/apache2/collabora.myserver.de-access_log
CustomLog /var/log/apache2/collabora.myserver.de-ssl_request_log ssl_combined

AllowEncodedSlashes NoDecode
ProxyPreserveHost On

static html, js, images, etc. served from coolwsd

browser is the client part of Collabora Online

ProxyPass /browser htttp://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser htttp://127.0.0.1:9980/browser

WOPI discovery URL

ProxyPass /hosting/discovery htttp://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery htttp://127.0.0.1:9980/hosting/discovery

Capabilities

ProxyPass /hosting/capabilities htttp://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities htttp://127.0.0.1:9980/hosting/capabilities

Main websocket

ProxyPassMatch “/cool/(.*)/ws$” ws://127.0.0.1:9980/cool/$1/ws nocanon

Admin Console websocket

ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws

Download as, Fullscreen presentation and Image upload operations

ProxyPass /cool htttp://127.0.0.1:9980/cool
ProxyPassReverse /cool htttp://127.0.0.1:9980/cool

Compatibility with integrations that use the /lool/convert-to endpoint

ProxyPass /lool htttp://127.0.0.1:9980/cool
ProxyPassReverse /lool htttp://127.0.0.1:9980/cool

<Location /browser>
Header unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN

<Proxy *:9980>
Header unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN

The last two sections of the configuration file I added in order to get rid of this error in

Microsoft Edge Version 96.0.1054.43 running on Windows 10:

Error message in console:
JQMIGRATE: Migrate is installed, version 1.4.0
2js.js?v=9571a9ef1ba4a65332b7b5c6e070bd40:2340
Deprecation warning: tipsy is deprecated. Use tooltip instead.
jQuery.fn.tipsy @ js.js?v=9571a9ef1ba4a65332b7b5c6e070bd40:2340
chromewebdata/:1
Failed to load resource: the server responded with a status of 403 ()
chromewebdata/:1
Refused to display ‘https://collabora.myserver.de/’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.
(Index):2762
crbug/1173575, non-JS module files deprecated.
(anonym) @ (Index):2762

Editing of documents is not possible, I receive this warning in the browser window:

collabora.myserver.dee hat eine Verbindung verweigert.”
which translates to collabora.myserver.dee rejected a connection.

The CODE virtual desktop is not shown, I cannot edit any document.

Some snippet from the CODE page source reads like this:


var rd_instanceId = ‘ocladtdxrgqr’;
var rd_version = ‘0’;
var rd_sessionId = ‘0’;
var rd_permissions = ‘27’;
var rd_title = ‘ODT Format.odt’;
var rd_fileId = ‘159118’;
var rd_access_token = ‘EF3vIhWxmwGC60lf8GwcvaG0OsArJapU’;
var rd_access_token_ttl = ‘1638749563000’;
var rd_urlsrc = ‘htttps://collabora.myserver.de/browser/15dc78e/cool.html?’;
var rd_path = ‘/ODT Format.odt’;
var rd_canonical_webroot = ‘’;

I thought to remedy the problem by adding

Header unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN

to my apache config file (see above)

But, this did not help.

I do not get errors/warning from apache logs.

I wonder where

“Refused to display ‘htttps://collabora.myserver.de/’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.”

comes from? I checked all config files for apache, there is no such entry.

I regularly cleared the browser cache, to no avail.

Any help greatly appreciated.

P. S. I had to add some letters in URLs since I am limited to post only 2 valid URLs (restriction of posting here)