Conditional X-Frame-Options

[jalabama]

Hi!

I am trying to set X-Frame-Options for all pages except all pages of this path: ^/mypath/
Whatever I have tried it won't work.
For example, using the below code in my .htaccess I always end up with "deny" - even if I switch my condition check from !~ to =~ I still get "deny" for the pages under /mypath/

I have tried many different regex checks but had no success so far.

<IfModule mod_headers.c>
   <If "%{REQUEST_URI} !~ m#^/mypath/#">
      Header set X-Frame-Options "sameorigin"
   </If>
   <Else>
      Header set X-Frame-Options "deny"
   </Else>

   # Header always set X-Frame-Options "sameorigin" "expr=%{REQUEST_URI} =~ m#^/mypath/$#"
</IfModule>

Could someone advise how to achieve that?
And also could also propose a conditional check for setting my Header when in my url I have a query parameter like: example.com/mypath/page1/?foo=bar

 

[NiteWave]

please try:

RewriteRule ^/mypath/  - [E=SAME:1]

Header set X-Frame-Options "deny"
Header set X-Frame-Options "sameorigin"  env=SAME

 

[jalabama]

Hi,

thanks for the prompt response. It helped.
I had to adjust it like this in order to make it work. Snippet below is enhanced also with the query_string check:

    RewriteCond %{REQUEST_URI}  ^/mypath/
    RewriteCond %{QUERY_STRING} foo=bar
    RewriteRule - [E=SAME:1]
    Header set X-Frame-Options "deny"
    Header set X-Frame-Options "sameorigin"  env=SAME

Best wishes for the Season Holidays and the new Year to all!