I'm building a Facebook app and I have noticed that when attempting to get the login status of the user using their JavaScript API, I sometimes get the error:
"Refused to display document because display forbidden by X-Frame-Options."
I've been able to reproduce this every time I hit the "check login status" page of the app only while using Facebook as a page, rather than my user account. This is easy enough to avoid now that I know this causes the problem, but obviously my users may not know this.
Is there a way to determine whether or not the user is using Facebook as a Page? That seems to pretty much ruin my entire app.
`X-Frame-Options: DENY` is a header that forbids a page from being displayed in a frame. If your server is configured to send this header, your sign-on screen will not be allowed to load within the embed codes provided by Credo, which use the iframe HTML element.
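Added example, not part of the original answers: a simplified JavaScript model of how a browser decides from the response headers whether a page may load in a frame, which helps when diagnosing the error above. The origins are constructed, only the immediate parent is checked, and `frame-ancestors` sources are limited to `'none'`, `'self'`, `*` and exact origins (all assumptions of this sketch).

```javascript
// Added example: simplified model of a browser's framing decision.
// Assumptions: only the immediate parent origin is checked (browsers check
// every ancestor) and frame-ancestors sources are 'none', 'self', * or exact origins.
function framingAllowed(headers, pageOrigin, parentOrigin) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // A CSP frame-ancestors directive takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  const directive = csp.split(';')
    .map(d => d.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1);
    // 'none' (or an empty list) matches nothing, so framing is refused.
    const ok = sources.some(s =>
      s === '*' ||
      (s.toLowerCase() === "'self'" && parentOrigin === pageOrigin) ||
      s === parentOrigin);
    return { allowed: ok, reason: 'CSP frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: parentOrigin === pageOrigin, reason: 'X-Frame-Options: SAMEORIGIN' };
  }
  // Obsolete or unknown values such as ALLOW-FROM are ignored by modern browsers.
  return { allowed: true, reason: xfo ? 'X-Frame-Options value ignored' : 'no framing policy' };
}

// Constructed sample: a login page framed by an app hosted on a different origin.
const login = 'https://login.example';
const app = 'https://app.example';
console.log(framingAllowed({ 'X-Frame-Options': 'DENY' }, login, app));
console.log(framingAllowed({ 'x-frame-options': 'SAMEORIGIN' }, login, login));
console.log(framingAllowed({
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': `default-src 'self'; frame-ancestors ${app}`,
}, login, app));
```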
If you want to load another website into an iframe and you get the "Display forbidden by X-Frame-Options" error, then you can actually overcome this by creating a server-side proxy script. This bypasses the block, because it is just a GET request that might as well have been an ordinary browser page visit.
I had this problem too, fixed it with: The app was redirecting the user to a login screen from Facebook (auth dialog box), while the user was already logged in. So I changed the code to redirect either to the success page if logged in, or to the dialog box if not logged in.