I am using Nextcloud (on Nginx) for a while now and I want to iframe it for another website. However the header does not accept my directives.

I changed the header option in /var/www/nextcloud/lib/private/legacy/response.php into the following:

header('X-Frame-Options: ALLOW-FROM https://example.com');

However when I make an example webpage with an iframe it gives me the following error:

Invalid 'X-Frame-Options' header encountered when loading 'https://nextcloud.example.com/apps/files/': 'ALLOW-FROM https://example.com' is not a recognized directive. The header will be ignored.

Does anyone have an idea why this does not work?

To come back to this post. Unfortunatly I found the problem. Chrome does not support this option, therefore Chrome gives me the error that the iframe redirected me to many times.

However the option works on Firefox (More information here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).