Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to set 'X-Frame-Options' on iframe?

Tags:

javascript

jquery

x-frame-options

You can't set X-Frame-Options on the iframe. That is a response header set by the domain from which you are requesting the resource (google.com.ua in your example). They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. For more information see The X-Frame-Options response header on MDN.

A quick inspection of the headers (shown here in Chrome developer tools) reveals the X-Frame-Options value returned from the host.

enter image description here


X-Frame-Options is a header included in the response to the request to state if the domain requested will allow itself to be displayed within a frame. It has nothing to do with javascript or HTML, and cannot be changed by the originator of the request.

This website has set this header to disallow it to be displayed in an iframe. There is nothing a client can do to stop this behaviour.

Further reading on X-Frame-Options


In case you are in control of the Server that sends the content of the iframe you can set the setting for X-Frame-Options in your webserver.

Configuring Apache

To send the X-Frame-Options header for all pages, add this to your site's configuration:

Header always append X-Frame-Options SAMEORIGIN

Configuring nginx

To configure nginx to send the X-Frame-Options header, add this either to your http, server or location configuration:

add_header X-Frame-Options SAMEORIGIN;

No configuration

This header option is optional, so if the option is not set at all, you will give the option to configure this to the next instance (e.g. the visitors browser or a proxy)

source: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options


Since the solution wasn't really mentioned for the server side:

One has to set things like this (example from apache), this isn't the best option as it allows in everything, but after you see your server working correctly you can easily change the settings.

           Header set Access-Control-Allow-Origin "*"
           Header set X-Frame-Options "allow-from *"

and if nothing helps and you still want to present that website in an iframe consider using X Frame Bypass Component which will utilize a proxy.

Related questions

How to trigger jQuery change event in code
Is there a way that I can check if a data attribute exists?
How to detect if URL has changed after hash in JavaScript
Create array of all integers between two numbers, inclusive, in Javascript/jQuery
How to sort in mongoose?
Getting all selected checkboxes in an array
throw Error('msg') vs throw new Error('msg')
Convert RGB to RGBA over white
How to send push notification to web browser?
How to access component methods from “outside” in ReactJS?
Property 'value' does not exist on type EventTarget in TypeScript
Replace multiple whitespaces with single whitespace in JavaScript string
How to jump to top of browser page
Dynamically creating keys in a JavaScript associative array
How can I stop the browser back button using JavaScript?
How to get the anchor from the URL using jQuery?
How to prevent moment.js from loading locales with webpack?
How to subtract date/time in JavaScript? [duplicate]
Set keyboard caret position in html textbox
What is the difference between synchronous and asynchronous programming (in node.js)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!