发表新帖
发表新帖

Overcoming “Display forbidden by X-Frame-Options”

后端 未结
关注
26 2211
梦谈多话
梦谈多话 2020-11-21 06:31

I\'m writing a tiny webpage whose purpose is to frame a few other pages, simply to consolidate them into a single browser window for ease of viewing. A few of the pages I\'

相关标签:
26条回答
  • 终归单人心
    2020-11-21 07:19

    Try this thing, i dont think anyone suggested this in the Topic, this will resolve like 70% of your issue, for some other pages, you have to scrap, i have the full solution but not for public,

    ADD below to your iframe

    sandbox="allow-same-origin allow-scripts allow-popups allow-forms"

    0 讨论(0)
  • 情话喂你
    2020-11-21 07:22

    I had a similar issue, where I was trying to display content from our own site in an iframe (as a lightbox-style dialog with Colorbox), and where we had an server-wide "X-Frame-Options SAMEORIGIN" header on the source server preventing it from loading on our test server.

    This doesn't seem to be documented anywhere, but if you can edit the pages you're trying to iframe (eg., they're your own pages), simply sending another X-Frame-Options header with any string at all disables the SAMEORIGIN or DENY commands.

    eg. for PHP, putting 

    <?php
    header('X-Frame-Options: GOFORIT'); 
?>

    at the top of your page will make browsers combine the two, which results in a header of

    X-Frame-Options SAMEORIGIN, GOFORIT

    ...and allows you to load the page in an iframe. This seems to work when the initial SAMEORIGIN command was set at a server level, and you'd like to override it on a page-by-page case.

    All the best!

    0 讨论(0)
  • 执念已碎
    2020-11-21 07:22

    It's surprising that no one here has ever mentioned Apache server's settings (*.conf files) or .htaccess file itself as being a cause of this error. Search through your .htaccess or Apache configuration files, making sure that you don't have the following set to DENY:

    Header always set X-Frame-Options DENY

    Changing it to SAMEORIGIN, makes things work as expected:

    Header always set X-Frame-Options SAMEORIGIN

    0 讨论(0)
  • 迷失自我
    2020-11-21 07:23

    If you are getting this error while trying to embed a Google Map in an iframe, you need to add &output=embed to the source link.

    0 讨论(0)
  • 礼貌的吻别
    2020-11-21 07:23

    I had same issue when I tried embed moodle 2 in iframe, solution is Site administration ► Security ► HTTP security and check Allow frame embedding

    0 讨论(0)
  • 無奈伤痛
    2020-11-21 07:23

    Use this line given below instead of header() function. 

    echo "<script>window.top.location = 'https://apps.facebook.com/yourappnamespace/';</script>";
    0 讨论(0)
 看不清?
提交回复
热议问题