The same-origin policy, often abbreviated SOP, is a key concept in the web application security architecture. Under this policy, a web browser allows scripts in one web page to access data in another web page only if both pages have the same origin. An origin is the combination of a URI scheme, a host name, and a port number. This rule stops malicious scripts on one page from using the Document Object Model to read private information on another page. “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’” is a common error that can show up in many situations. So why does it appear, and how can it be resolved? This article goes over both questions.
When does the error “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN'” happen?
You are creating a website that should be mobile-friendly, such as Facebook, Google, and so on, so that users can access it from their smartphones. You may encounter the following error:
Refused to display 'https://accounts.google.com/o/openid2/auth
?openid.ns=http://specs.openid.ne…tp://axschema.org/namePerson
/last&openid.ax.required=email,name,first,last'
in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
The message shows that the X-Frame-Options header on the response is set to SAMEORIGIN, and the Chrome browser is enforcing it. This means the application serving the resource has forbidden it from loading in an external iframe. See the X-Frame-Options response header page on MDN for more details.
What does setting ‘X-Frame-Options’ to ‘SAMEORIGIN’ mean?
Websites can enable the “X-Frame-Options” HTTP response header in their server configuration files. “X-Frame-Options” stops a website from loading in iframes, which prevents it from being superimposed over other websites. Because all browsers obey the X-Frame-Options header and will not load a page that sets it in a frame, the security control is actually enforced by the victim’s browser. “X-Frame-Options: SAMEORIGIN” permits a protected page to be framed only when the page loading the frame has the same origin as the protected page. In this case the frame can be loaded only on your own website; on any other website, a page that sets this header will not load in a frame.
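The framing decision described above, as an added example that is not code from the original article: a simplified JavaScript model of how a browser evaluates X-Frame-Options, going beyond SAMEORIGIN to cover DENY and the obsolete ALLOW-FROM value. The function names and the shop.example and partner.example hosts are assumptions made for illustration.

```javascript
// Added example, not from the original article: a simplified model of the
// browser's X-Frame-Options check. Real browsers also compare against every
// ancestor frame and let a CSP frame-ancestors directive take precedence.

// An origin is scheme + host + port; URL.origin drops default ports (443, 80).
function originOf(url) {
  return new URL(url).origin;
}

// embedderUrl: page holding the <iframe>; framedUrl: document loaded inside it;
// xfoHeader: X-Frame-Options value on the framed response, or null if absent.
function canFrame(embedderUrl, framedUrl, xfoHeader) {
  const value = (xfoHeader || "").trim().toUpperCase();
  if (value === "") {
    return { allowed: true, enforced: false, reason: "no X-Frame-Options header" };
  }
  if (value === "DENY") {
    return { allowed: false, enforced: true, reason: "DENY forbids all framing" };
  }
  if (value === "SAMEORIGIN") {
    const embedder = originOf(embedderUrl);
    const framed = originOf(framedUrl);
    return embedder === framed
      ? { allowed: true, enforced: true, reason: "origins match: " + framed }
      : { allowed: false, enforced: true, reason: embedder + " is not " + framed };
  }
  // ALLOW-FROM is obsolete: current browsers ignore the whole header, so the
  // response is framable by anyone. Unknown values are ignored the same way.
  return { allowed: true, enforced: false, reason: "header ignored: " + value };
}

// Constructed sample cases (hypothetical hosts, plus the URL from the error).
const cases = [
  ["https://shop.example/login", "https://accounts.google.com/o/openid2/auth", "SAMEORIGIN"],
  ["https://shop.example/", "https://shop.example/widget", "sameorigin"],
  ["https://shop.example:8443/", "https://shop.example/widget", "SAMEORIGIN"],
  ["http://shop.example/", "https://shop.example/widget", "SAMEORIGIN"],
  ["https://shop.example/", "https://shop.example/widget", "DENY"],
  ["https://partner.example/", "https://shop.example/widget", "ALLOW-FROM https://partner.example"],
];
for (const [embedder, framed, header] of cases) {
  const r = canFrame(embedder, framed, header);
  console.log(header.padEnd(36), r.allowed ? "render" : "refuse", "-", r.reason);
}
```

The last case renders only because the header is ignored, so it gives no protection at all; the supported way to allow specific embedding origins is the Content-Security-Policy frame-ancestors directive.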
How to solve the error “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN'”
Solution 1: Include &output=embed at the end of the URL
The simplest way to fix the error “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’” is to append &output=embed to the URL before you post to the Google URL, as in the following code:
var url = data.url + "&output=embed";
window.location.replace(url);
After you do that, your error will be completely resolved.
Solution 2: Modify the printMode option in the HTML5 Viewer
Modify the printMode option in the HTML5 Viewer so that the PDF file is downloaded instead (telerikReportViewer.PrintModes.FORCE_PDF_FILE); see Printing Reports for the additional settings.
Solution 3: Change “watch?v=” to “v/”
There is another way to solve the issue “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’”: change "watch?v=" to "v/". Look at the code below:
var url = url.replace("watch?v=", "v/");
Solution 4: Change X-Frame-Options to ALLOW-FROM <address>
Changing the X-Frame-Options header to ALLOW-FROM <address> is also a great way to solve your problem.
The above solutions are very simple, but they will work flawlessly for you. After you apply them, the error will completely disappear and your program will run well. So why wait? Apply them to your problem to get your desired results.
Conclusion
Above are some ways to handle the error “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’”. This is a common mistake that users make. Find out how to handle it and choose the right solution for the situation you are in. We hope you get the problem resolved soon. If you have any questions, don’t hesitate to contact us immediately. Thank you for reading!