I-Frame 'X-Frame-Options' to 'sameorigin' Issue!

Sumeet Verma
Mega Expert

Hi,

one of my team is trying to open our Service now Instance through the I-Frames and getting below error. can someone please suggest steps to fix this issue. thanks...

 

find_real_file.png

i got a suggestion as below to tweak the Web security file but i dont find it in the navigator search.

where and how do i do it. thanks...

find_real_file.png

2 REPLIES 2

danb2015
Kilo Contributor

Sumeet,

Did you ever find a solution to this?

kevinkatler
Kilo Contributor

You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

 

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

 

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

It works well.

 

Try to apply the same rule on your case.

 

SAMEORIGIN

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.