Good day everyone.
So I have a website and I am trying to embed in an iframe a dynamics server and it keeps throwing an error something about
‘Refused to display
https://XXXXXXXXXXXX in a frame because it set ‘X-Frame-Options’ to ‘deny’.
Any ideas how I can get it to work?
This happens when we try to redirect the page to a login page.
Check X-Frame-Options hearder:
X-Frame-OptionsHTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a
<object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Based on the above statement, this is something that the ‘https://XXXXXXXXXXXX‘ has added to the page to disallow it from being used as an
You can see that this can even be configured globally on a web server level, to secure all the websites.
If the website is in the same domain the workaround is easier using
If you want to allow all, then just don’t set the response header for the XXXXXXXX site at all (if you have access to it).