Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

<script async="" defer="" src="//survey.g.doubleclick.net/async_survey?site=vj2nngtlb7sbtnveaepk5so4ke"></script> 

Screenshot of the error:

and I'm getting

Refused to display 'https://survey.g.doubleclick.net/gen204/d?zx=5cbpafvsv9le' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 

error with the google survey setup.

like image 806
Saikat Chakrabortty Avatar asked Jan 07 '17 14:01

Saikat Chakrabortty


People also ask

How do I remove X-Frame-options in SAMEORIGIN?

You can remove the HTTP header X-Frame-Options: SAMEORIGIN from WordPress by removing the send_frame_options_header function from the admin_init and login_init hooks.

How do you fix a refused Frame?

Correction of the error «Refused to frame '<URL>'» is obvious - you need to add the blocked host-source from '<URL>' to the directive, in which it blocks. It becomes clear that the source https://www.yourube.com must be added to the frame-src directive to get rid of iframe blocking.

What is the difference between setting X-Frame-options to deny vs SAMEORIGIN?

X-Frame-Options allows content publishers to prevent their own content from being used in an invisible frame by attackers. The DENY option is the most secure, preventing any use of the current page in a frame. More commonly, SAMEORIGIN is used, as it does enable the use of frames, but limits them to the current domain.


2 Answers

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

It works well.

Try to apply the same rule on your case.

like image 57
Mohammed Osman Avatar answered Sep 17 '22 08:09

Mohammed Osman


You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page. This is a security feature to prevent click-jacking. Some details at How to show google.com in an iframe?

This could be of some help : https://www.maketecheasier.com/create-survey-form-with-google-docs/

like image 30
Anurag Sinha Avatar answered Sep 21 '22 08:09

Anurag Sinha