Overcoming “Display forbidden by X-Frame-Options”

梦谈多话 2020-11-21 06:31

I'm writing a tiny webpage whose purpose is to frame a few other pages, simply to consolidate them into a single browser window for ease of viewing. A few of the pages I'

26 answers
  • 2020-11-21 07:24

    The only question that has a bunch of answers. Welcome to the guide I wish I had when I was scrambling for this to make it work at 10:30 at night on the deadline day... FB does some weird things with canvas apps, and well, you've been warned. If you are still here and you have a Rails app that will appear behind a Facebook Canvas, then you will need:

    Gemfile:

    gem "rack-facebook-signed-request", :git => 'git://github.com/cmer/rack-facebook-signed-request.git'
    

    config/facebook.yml

    facebook:
      key: "123123123123"
      secret: "123123123123123123secret12312"
    

    config/application.rb

    config.middleware.use Rack::Facebook::SignedRequest, app_id: "123123123123", secret: "123123123123123123secret12312", inject_facebook: false
    

    config/initializers/omniauth.rb

    OmniAuth.config.logger = Rails.logger
    SERVICES = YAML.load(File.open("#{::Rails.root}/config/oauth.yml").read)
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :facebook, SERVICES['facebook']['key'], SERVICES['facebook']['secret'], iframe:   true
    end
    

    application_controller.rb

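    before_filter :add_xframe
    def add_xframe
      # 'GOFORIT' is not a value browsers recognise, so the header is ignored
      # and the page can then be framed from any origin, not only Facebook.
      headers['X-Frame-Options'] = 'GOFORIT'
    end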
    

    You need a controller to call from Facebook's canvas settings. I used /canvas/ and made the route go to the main SiteController for this app:

    
    class SiteController < ApplicationController
      def index
        @user = User.new
      end
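      def canvas
        # Return after the first redirect; a second redirect_to in the same
        # action raises AbstractController::DoubleRenderError.
        return redirect_to('/auth/failure') if request.params['error'] == 'access_denied'
        url = params['code'] ? "/auth/facebook?signed_request=#{params['signed_request']}&state=canvas" : "/login"
        redirect_to url
      end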
      def login
      end
    end
    

    login.html.erb

    
    <% content_for :javascript do %>
      var oauth_url = 'https://www.facebook.com/dialog/oauth/';
      oauth_url += '?client_id=471466299609256';
      oauth_url += '&redirect_uri=' + encodeURIComponent('https://apps.facebook.com/wellbeingtracker/');
      oauth_url += '&scope=email,status_update,publish_stream';
      console.log(oauth_url);
      top.location.href = oauth_url;
    <% end %>
    

    Sources

    • The config, I think, came from omniauth's example.
    • The gem file (which is key!!!) came from: slideshare things I learned...
    • This stack question had the whole Xframe angle, so you'll get a blank space if you don't put this header in the app controller.
    • And my man @rafmagana wrote this Heroku guide, which now you can adopt for Rails with this answer and the shoulders of giants on which you walk.
  • 2020-11-21 07:25

    I had this problem, and resolved it by editing httpd.conf

    <IfModule headers_module>
        <IfVersion >= 2.4.7 >
            Header always setifempty X-Frame-Options GOFORIT
        </IfVersion>
        <IfVersion < 2.4.7 >
            Header always merge X-Frame-Options GOFORIT
        </IfVersion>
    </IfModule>
    

    I changed SAMEORIGIN to GOFORIT and restarted the server.

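How a browser evaluates the header values used in the Rails and Apache answers above, as an added example that is not part of either answer: a simplified model of the HTML Standard's X-Frame-Options check and of CSP `frame-ancestors`. The host `https://app.example`, the sample responses and the function names are constructed for illustration, and it assumes the canvas is framed from `https://apps.facebook.com`, the origin in the first answer's `redirect_uri`.

```javascript
// Added example: simplified model of how a browser decides whether a response
// may be framed. One framing level only; frame-ancestors matching handles just
// 'none', 'self', * and exact origins (real CSP source matching has more cases).
function mayFrame(headers, pageUrl, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const self = new URL(pageUrl).origin;

  // 1. A CSP frame-ancestors directive decides alone; X-Frame-Options is ignored.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    const allowed = sources.some(s =>
      s === '*' || (s === "'self'" && parentOrigin === self) || s === parentOrigin);
    return { allowed, decidedBy: 'frame-ancestors' };
  }

  // 2. X-Frame-Options: split on commas, lowercase, de-duplicate.
  const xfo = new Set((h['x-frame-options'] || '').split(',')
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  const recognised = ['deny', 'sameorigin', 'allowall'].some(v => xfo.has(v));
  // Several distinct values including a recognised one: a conflict, so blocked.
  if (xfo.size > 1 && recognised) return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo.size === 1 && xfo.has('deny')) return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo.size === 1 && xfo.has('sameorigin'))
    return { allowed: parentOrigin === self, decidedBy: 'x-frame-options' };
  // No header, or only unrecognised values such as GOFORIT: nothing is enforced.
  return { allowed: true, decidedBy: 'none' };
}

// Constructed responses for a page on a hypothetical host, https://app.example.
const PAGE = 'https://app.example/canvas';
const SAMPLES = {
  goforit: { 'X-Frame-Options': 'GOFORIT' },
  sameorigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  merged: { 'X-Frame-Options': 'SAMEORIGIN, GOFORIT' },
  scoped: { 'Content-Security-Policy': "frame-ancestors 'self' https://apps.facebook.com" },
};
const PARENTS = ['https://apps.facebook.com', 'https://other.example', 'https://app.example'];

// One row per sample response, one column per framing origin in PARENTS.
function report() {
  const rows = {};
  for (const [name, headers] of Object.entries(SAMPLES))
    rows[name] = PARENTS.map(p => mayFrame(headers, PAGE, p).allowed);
  return rows;
}
console.table(report());
```

With `GOFORIT` alone the outcome is the same as sending no header, so every origin may frame the page; the `scoped` policy still admits the canvas origin while refusing other embedders.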
  • 2020-11-21 07:28

    If you're getting this error trying to embed Vimeo content, change the src of the iframe,

    from: https://vimeo.com/63534746
    to: http://player.vimeo.com/video/63534746

  • 2020-11-21 07:31

    Not mentioned but can help in some instances:

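    // Assumes `iframe` (the target <iframe> element) and `url` are already defined.
    // The request is subject to the same-origin policy, so `url` must be
    // same-origin or served with CORS headers that permit this page.
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function() {
        if (xhr.readyState !== 4) return;
        if (xhr.status === 200) {
            // The markup is written into a document that shares this page's
            // origin, so any script in the response runs with this page's privileges.
            var doc = iframe.contentWindow.document;
            doc.open();
            doc.write(xhr.responseText);
            doc.close();
        }
    };
    xhr.open('GET', url, true);
    xhr.send(null);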
    
  • 2020-11-21 07:32

    If you are getting this error for a YouTube video, rather than using the full url use the embed url from the share options. It will look like http://www.youtube.com/embed/eCfDxZxTBW4

    You may also replace watch?v= with embed/ so http://www.youtube.com/watch?v=eCfDxZxTBW4 becomes http://www.youtube.com/embed/eCfDxZxTBW4

  • 2020-11-21 07:34

    I had the same problem with MediaWiki; this was because the server denied embedding the page into an iframe for security reasons.

    I solved it by writing

    $wgEditPageFrameOptions = "SAMEORIGIN"; 
    

    into the MediaWiki PHP config file.

    Hope it helps.
