javascript – Dynamics, iFrames-ThrowExceptions

Exception or error:

Good day everyone.

So I have a website and I am trying to embed in an iframe a dynamics server and it keeps throwing an error something about

‘Refused to display https://XXXXXXXXXXXX in a frame because it set ‘X-Frame-Options’ to ‘deny’.

Any ideas how I can get it to work?

This happens when we try to redirect the page to a login page.


How to solve:

Check X-Frame-Options hearder:

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Based on the above statement, this is something that the ‘https://XXXXXXXXXXXX‘ has added to the page to disallow it from being used as an <iframe>

You can see that this can even be configured globally on a web server level, to secure all the websites.

If the website is in the same domain the workaround is easier using SameOrigin value.

If you want to allow all, then just don’t set the response header for the XXXXXXXX site at all (if you have access to it).

Leave a Reply

Your email address will not be published. Required fields are marked *