An IT dept I am working on has a strict policy about frames. We have to send the headers X-FRAMES-OPTIONS DENY on all pages. This blocks frames/iFrames from working completely.

The only place this is causing us an issue is the filefield upload feature. This uses iFrames, which are blocked, and it throws a
An HTTP error 0 occurred.

1) Is there any alternative to using frames here?
2) Can the "upload" button/feature be disabled? Users would have to save the node before adding descriptions and such but at least they wouldn't get an error.

Thanks for any ideas.


quicksketch’s picture

Category: feature » support

Yes you could disable the AJAX functionality by removing the JavaScript from the page, potentially by using hook_preprocess_page() or something more drastic like simply emptying out the .js files included by FileField. The most comprehensive way of removing the JS would be to add additional processing to the file field elements (like FileField Sources does) and remove the JS that way, though I'm not sure that'd be very easy.

However as a general feature request, no there isn't a way to do uploads without iFrames that I know of. FileField depends on core's use of the jQuery Forms plugin, which you can read more about how/why it uses iframes here: