Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

I am developing a website that is supposed to be responsive so that people can access it from their phones. The site has got some secured parts that can be logged into using Google, Facebook, ...etc (OAuth).

The server backend is developed using ASP.Net Web API 2 and the front end is mainly AngularJS with some Razor.

For the authentication part, everything is working fine in all browsers including Android but the Google authentication is not working on iPhone and it gives me this error message

Refused to display 'https://accounts.google.com/o/openid2/auth ?openid.ns=http://specs.openid.ne…tp://axschema.org/namePerson /last&openid.ax.required=email,name,first,last' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 

Now as far I am concerned I do not use any iframe in my HTML files.

I googled around, but no answer got me to fix the issue.

like image 452
Ali Hmer Avatar asked Dec 10 '13 15:12

Ali Hmer


People also ask

What is Sameorigin in X-Frame-options?

X-Frame-Options:SAMEORIGIN - This means that the page can only be embedded in a frame on a page with the same origin as itself. X-Frame-Options:ALLOW-FROM - The page can only be displayed in a frame on the specified origin. This only works in browsers that support this header.

How do I remove X-Frame-options in Sameorigin?

You can remove the HTTP header X-Frame-Options: SAMEORIGIN from WordPress by removing the send_frame_options_header function from the admin_init and login_init hooks.


1 Answers

I found a better solution, maybe it can help somebody replace "watch?v=" by "v/" and it will work

var url = url.replace("watch?v=", "v/"); 
like image 113
Aymen Mouelhi Avatar answered Sep 19 '22 13:09

Aymen Mouelhi