RM 1.1 Issue uploading resource or images for resource posting in Opera 26.


Well-known member
I was using Opera v26 to test an alternate account with my main logged into Chrome. I could not get either resources or the images for the post to upload properly. Had no issues uploading an attachment to a thread. Tried it again with all add-ons disabled. It would go into an ajax progress and never end. Saving the resource and looking at it again revealed the files to all have actually uploaded.

The following is what the console output:

Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when loading 'https://www.raindd.com/attachments/do-upload'. Falling back to 'DENY'.
about:blank:1 Refused to display 'https://www.raindd.com/attachments/do-upload' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, DENY'.
jquery-1.11.0.min.js:2 Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Sandbox access violation: Blocked a frame at "https://www.raindd.com" from accessing a frame at "null". The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.

Wasn't having the issue in Chrome. Fresh install of Opera 26. Board URL is set correct. Server forcing all traffic to www and https.


XenForo developer
Staff member
I'm not sure where that X-Frame-Options: DENY is coming from. XF sets the SAMEORIGIN value.

It looks like it's being set at the webserver level as I see it on a JS file (served directly). You will likely need to remove that for the XF directory (or at least set it to SAMEORIGIN).


Well-known member
Thanks mike. It was in the config due to a common nginx recommendation. Typically filed under HTTP Strict Transport Security its actually there for anti click jacking which Xenforo already tries to handle. Sigh. Sometimes I should pay more attention.