Refused to display 'https://xxxx.com/' in a frame because it set 'X-Frame-Options'

Peter8 · yesterday

Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?

Ankur Bawiskar · 3 hours ago

you can't embed external website within ServiceNow due to security reason and external website wants to avoid clickjacking attack.

Reason being that external website must be sending an "X-Frame-Options: SAMEORIGIN" or "X-Frame-Options: DENY" in response header.

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Peter8 · 2 hours ago

Hi @Ankur Bawiskar ,

Do you know if there is a way for me to obtain the access token and refresh token after logging in through AAD SSO?

Ankur Bawiskar · 2 hours ago

@Peter8

what's your exact requirement?

which external website is this?

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Peter8 · 2 hours ago

Hi @Ankur Bawiskar ,

I want to integrate a third-party website into SNOW. If a user of this system logs in via SSO and then accesses this page, we will find that since they have already logged in, there is no need for manual login. The SSO information will automatically log them in.