A partner is calling our shop in an iFrame. And get this Error Message in Firefox:
Load dinied by X-Frame-Options: https://www.xyz.de/shop/katalog/index does not permit cross-origin framing.
Original he called the sendLogin/index site. So I think the Core request is working. But in this Controller there is a redirection to the katalog/index Controller:
$this->_redirect('katalog/index');
I'm not sure what to do or where I have to look.
This is a security feature some servers send. It is used to help prevent XSS attacks.
You need to add a header to change the value of the header being sent. Something like
header('X-Frame-Options ALLOW-FROM uri');
Replacing uri with the payment gateway uri.
For more information you can read the Mozilla X-Frame-Options response header
To remove a previous header in php, use header_remove:
header_remove('X-Frame-Options');
However, this only works for headers that have been set by PHP. If the header is being set by the server then you will need to change the php.ini file to remove the above header.