Invalid 'X-Frame-Options' Header. ' ' is not a recognized directive

Question

I'm using the Zuora hosted payment iframe. In short, you load the Zuora library to give you access to a Z object containing the Zuora API methods. Using Z.render() to render the payment form into an iframe.

When the iframe loads this error is shown in the console:

Invalid 'X-Frame-Options' Header when loading '[URL-HERE]': ' ' is not a recognized directive. The header will be ignored.

Based on the MDN docs for X-Frame Options the available directives are DENY, SAMEORIGIN, or ALLOWFROM [URL].

Is this directive supposed to be set on our server making the request? Or is this an issue on the e-commerce's API?

Answer 1

There are several threads on the Zuora community forum regarding this error. In short, the error is on Zuora's end, Zuora is aware of the issue, and has yet to provide a fix.

A few relevant threads:

• https://community.zuora.com/t5/Integrations-Extensions/Error-X-Frame-Options/td-p/10331
• https://community.zuora.com/t5/Billing-Payment-Ideas/Z-render-Error-X-Frame-Options/idc-p/14867
• https://community.zuora.com/t5/Billing-Payment-Ideas/Make-sure-HPM-2-0-Page-Doesn-t-Cause-Browser-Errors-even/idc-p/14868