Receiving this message in the console: Refused to display in a frame because it set 'X-Frame-Options' to DENY
This happens when the site is being shown in the mobile version, its just a different set of html and assets served up if the user agent is a mobile device.
It does display m.facebook.com in the console error message.
FB.ui(
{
method: 'share',
href: 'https://www.espn.com/mlb',
},
function(response) {
if (response && !response.error_code) {
console.log('shared_post');
//facebook_post_to_fanpage(access_token_data, link_id, song);
return true;
} else {
return false;
}
}
);
I am able to use the FB.api on the mobile version of the site, as well as login and getauth without any problem, but it gives me fits when I try to use FB.ui, both the share and feed methods.
I figured I'd be in the clear if I was using the facebook javascript sdk.
X-Frame-Options:DENY is a header that forbids a page from being displayed in a frame. If your server is configured to send this heading, your sign-on screen will not be allowed to load within the embed codes provided by Credo, which use the iframe HTML element.
If you want to load a other website into an iFrame and you get the Display forbidden by X-Frame-Options” error then you can actually overcome this by creating a server side proxy script. This by passes the block, because it is just a GET request that might as wel have been a ordinary browser page visit.
Chrome does not support the ALLOW-FROM directive in X-Frame-Options. So if we are going to do anything involving other domains, we need something similar. We can stitch together a patchwork configuration involving both headers, which does something more than just allow same-origin framing.
The error indicates that either the application has set an X-Frame-Options header to SAMEORIGIN or Chrome browser did. This means that the application has disallowed loading of the resource in an iframe outside of its domain.
I got my solution from this post: Loading Iframe Facebook (Load denied by X-Frame-Options)
I got the same issue, and it got fixed, when i used target="_top" for the link , and it is now working perfectly.
You must allow your mobile app domain in the FB developers dash. I had this issue with FB.ui - 'share' when the user wasn't logged into FB.
I found this video quite helpful : https://www.youtube.com/watch?v=7CNpLgwa0-c
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With