0 votes

I try to display an external web page in an iFrame inside a widget but I got this error;
Refused to display 'http://www.xxx.fr/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Is there a way to set the iFrame to by pass this problem

closed with the note: Great thanks
asked in Partners by (182 points)
closed by

1 Answer

0 votes

If the external domain is not yours, there is not much you can do to overcome this security limitation of the browser. It was designed to work like this.

As explained on MDN X-Frame-Options

The X-Frame-Options HTTP response header can be used to indicate whether
or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> .
Sites can use this to avoid clickjacking attacks, by ensuring that their content is
not embedded into other sites.

The added security is only provided if the user accessing the document is
using a browser supporting X-Frame-Options.

answered by (7k points)
Welcome to Efficy Overflow, where you can ask questions and receive answers from other members of the community.
1,193 questions
1,459 answers
327 users