Menu
I'm working on a website for a shop and I'm using the GooleMaps Engine Lite to show his location. It works on IE9 and 10, Safari for Windows, iOS and MacOs and Mozilla Firefox, but it's not working on Chrome. If I use the Javascript Console I can see the following error:
Refused to display 'https://accounts.google.com/ServiceLogin?service=mapsengine&passive=1209600…up=https://mapsengine.google.com/map/embed?mid%3DzehbkDaSW5QM.kyKZHGifzxMc' in a frame because it set 'X-Frame-Options' to 'DENY'.
Could anybody help me?
376
Enabling X-Frame-Options headerOpen up the Network panel in Chrome DevTools and if your site is using a security header it will show up on the Headers tab. Another quick way to check your security headers is to quickly scan your site with a free tool, securityheaders.io, created by Scott Helme.
First time I had the problem it disappeared when I rebooted my computer, but today the problem appeared again. I've read on Google forums that the conflict comes when you are semi-logged with your Google account. If I log out completely my account or log in the map re-starts to work. In Safari you will find the same issue.
A temporary solution is sandbox the map iframe to forbid it to access the cookies.
138
https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a
<frame>or<iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
The counter-question I have to you is why are you implementing that URL in an iframe, when it specifically tells the browser it does not want to be loaded in an iframe?
Did you follow the instructions at https://support.google.com/mapsenginelite/answer/3024935?hl=en when embedding the map?
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
