
Refused to display in a frame because it set 'X-Frame-Options' to DENY facebook fb.ui share method

Receiving this message in the console: Refused to display in a frame because it set 'X-Frame-Options' to DENY

This happens when the site is being shown in the mobile version, it's just a different set of HTML and assets served up if the user agent is a mobile device.

It does display m.facebook.com in the console error message.

FB.ui(
    {
        method: 'share',
        href: 'https://www.espn.com/mlb',
    },
    function(response) {
        if (response && !response.error_code) {
            console.log('shared_post');
            //facebook_post_to_fanpage(access_token_data, link_id, song);
            return true;
        } else {
            return false;
        }
    }
);

I am able to use the FB.api on the mobile version of the site, as well as login and getauth without any problem, but it gives me fits when I try to use FB.ui, both the share and feed methods.

I figured I'd be in the clear if I was using the Facebook JavaScript SDK.

Brad asked May 09 '14 02:05


People also ask

What is X-Frame-Options deny?

X-Frame-Options: DENY is a header that forbids a page from being displayed in a frame. If your server is configured to send this header, your sign-on screen will not be allowed to load within the embed codes provided by Credo, which use the iframe HTML element.

How do I ignore X-Frame-options?

If you want to load another website into an iframe and you get the "Display forbidden by X-Frame-Options" error, then you can actually overcome this by creating a server-side proxy script. This bypasses the block, because it is just a GET request that might as well have been an ordinary browser page visit.

Does Chrome support X-Frame-options allow From?

Chrome does not support the ALLOW-FROM directive in X-Frame-Options. So if we are going to do anything involving other domains, we need something similar. We can stitch together a patchwork configuration involving both headers, which does something more than just allow same-origin framing.

Is a Frame because it set X-Frame-options to Sameorigin?

The error indicates that either the application has set an X-Frame-Options header to SAMEORIGIN or Chrome browser did. This means that the application has disallowed loading of the resource in an iframe outside of its domain.


2 Answers

I got my solution from this post: Loading Iframe Facebook (Load denied by X-Frame-Options)

I got the same issue, and it got fixed when I used target="_top" for the link, and it is now working perfectly.

RuHa answered Oct 10 '22 04:10
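
Why the dialog is refused inside a frame but loads with target="_top", shown as an added example that is not part of the original question or answers: a simplified model of the browser's framing check for X-Frame-Options and the CSP frame-ancestors directive. Header keys are assumed to be lowercase, `framingAllowed` is a hypothetical helper name, and `mobile-site.example` / `partner.example` are constructed placeholders.

```javascript
// Simplified model of a browser's framing decision (added example).
// Handles X-Frame-Options DENY / SAMEORIGIN and CSP frame-ancestors with
// 'none', 'self' and exact origins only (no wildcards or scheme sources).

function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list, or null if the directive is absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingAllowed(headers, frameUrl, ancestorOrigins) {
  // ancestorOrigins: origin of every embedding document, parent first.
  // An empty list is a top-level navigation, which these headers never block.
  if (ancestorOrigins.length === 0) return true;
  const self = new URL(frameUrl).origin;

  const sources = parseFrameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
    if (sources.length === 0 || sources.includes("'none'")) return false;
    const allowed = sources.map(s => (s === "'self'" ? self : s));
    return ancestorOrigins.every(o => allowed.includes(o));
  }

  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return ancestorOrigins.every(o => o === self);
  // ALLOW-FROM is not supported by Chrome, so it restricts nothing there.
  return true;
}

// Constructed sample inputs, not captured traffic.
const dialogUrl = 'https://m.facebook.com/';
const embedder = ['https://mobile-site.example'];
const deny = { 'x-frame-options': 'DENY' };

console.log('framed by another site:', framingAllowed(deny, dialogUrl, embedder));
console.log('opened top-level (_top):', framingAllowed(deny, dialogUrl, []));
```

The model shows that DENY is a property of the framed response, so the embedding page cannot relax it; only loading the page outside a frame avoids the check.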


You must allow your mobile app domain in the FB developers dash. I had this issue with FB.ui - 'share' when the user wasn't logged into FB.

I found this video quite helpful: https://www.youtube.com/watch?v=7CNpLgwa0-c

Vojtiik answered Oct 10 '22 04:10