Refused to display 'https://xxxx.com/' in a frame because it set 'X-Frame-Options'

Peter8 · 3 weeks ago

Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?

Tanushree Maiti · 3 weeks ago

You are encountering the error for clickjacking prevention from external site where the external website explicitly blocks other sites from embedding it in an iframe for security reasons.

Here Solution could be

Using Popup window: Open the external link in a new, small browser window using window.open()

OR

Contact the External Website Owner: The most direct solution is to contact the administrator of https://xxxx.com/ and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a Content-Security-Policy (CSP) frame-ancestors directive or an X-Frame-Options: ALLOW-FROM header specifying your instance's URL.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

View solution in original post

Peter8 · 3 weeks ago

Hi @Tanushree Maiti ,

Do you know how can I add this in servicenow instance, for example, I want to embed Prod to DEV, how can I add this policy in Prod instance?

Tanushree Maiti · 3 weeks ago

Share your widget details where you have mentioned the 3rd party site

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

Peter8 · 3 weeks ago

Hi @Tanushree Maiti ,

Currently, I have embedded the ServiceNow Prod environment in the ServiceNow Dev environment, and then displayed this error. How can I add policies and hear in the Prod instance?