Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AJAX and YouTube: 'X-Frame-Options' to 'SAMEORIGIN'.

Tags:

jquery

ajax

youtube

iframe

I'm writing a site where content is loaded dynamically via jQuery. The reason for this is to leave an audio player running while being able to navigate through page content without refresh.

Ran into trouble trying to get YouTube videos to work, it's setup like this.

Site content is loaded using .load(), and for the videos page it contains an unordered list of links to YouTube videos, and each with an empty <div> for <iframe>'s. Clicking on a link grows the <li> and embeds the <iframe> with the video.

Everything works well except the <iframe> will not load the source, throwing this error.

Refused to display 'http://www.youtube.com/watch?v=myvideo' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

Also tried adding <iframe> into <li> with display: none; with same result.

I thought I understood the javascript same domain policy, but this is beyond me. Googling the error leads me to believe it's something server side? But that doesn't make any sense.

Hard to fiddle something like this, hope it makes sense.

like image 926
HandsomeRob Avatar asked Aug 08 '13 21:08

HandsomeRob

People also ask

What is SAMEORIGIN in X-Frame-options?

X-Frame-Options:SAMEORIGIN - This means that the page can only be embedded in a frame on a page with the same origin as itself. X-Frame-Options:ALLOW-FROM - The page can only be displayed in a frame on the specified origin. This only works in browsers that support this header.

How do I set X-Frame-options to allow all?

You can then send a X-Frame-Options response HTTP header with the value: "Allow-From ip-address", where ip address is the remote ip address that is trying to embed content on your server. This will allow your website to be embedded by all websites that are accessed using an ip address from the browser.

How do I enable X-Frame-options in iframe?

Double-click the HTTP Response Headers icon in the feature list in the middle. In the Actions pane on the right side, click Add. In the dialog box that appears, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field. Click OK to save your changes.

1 Answers

The error means that the document may only be used as iframe inside documents located at www.youtube.com

Use the URL of the embed-code instead:

http://www.youtube.com/embed/myvideo

it will send a X-Frame-Options-header with a value of ALLOWALL

like image 108
Dr.Molle Avatar answered Sep 19 '22 09:09

Dr.Molle
Sign in to Comment

Related questions

jquery select class with value
How to check the background-color of an element using jquery
Replace all text before a certain point
Restrict input field to two decimals with jQuery
Jquery addclass/removeclass on click
Check if a textbox contains numbers only
typeahead.js not returning all results
JQuery/Javascript Reordering rows
how to disable certain links of jquery accordion
jquery animate: change the element's opacity one by one
How to restrict jQuery UI Datepicker to disallow dates in the future?
global or local variables in a jquery-plugin
display div inside text area
Check if a JQuery mobile checkbox is checked
Email contact form without PHP
Applying delay between iterations of javascript for loop
Click not working after ajax content has loaded
Regex to only allow numbers under 10 digits?
jQuery validation - required working but accept not
Error rendering data with Javascript / KendoUI autocomplete - Object #<Object> has no method 'slice' - how to resolve?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!