Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Getting security warning even when X-Frame-Options: SAMEORIGIN added to subpage loaded in iframe

  • 2 fhreagra
  • 0 leis an bhfadhb seo
  • 7 views
  • Freagra is déanaí ó cor-el

shibu.osc
shibu.osc
more options

In our application we are opening a sub page in an iframe within the main page. Both pages are form the same Domain. Although we've added X-Frame-Options: SAMEORIGIN to the page loaded in the iframe, it still gives this error. Could you please suggest on how to solve this issues, what would I be missing?

Thanks in Advance! Shibu.

In our application we are opening a sub page in an iframe within the main page. Both pages are form the same Domain. Although we've added X-Frame-Options: SAMEORIGIN to the page loaded in the iframe, it still gives this error. Could you please suggest on how to solve this issues, what would I be missing? Thanks in Advance! Shibu.

All Replies (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hi Shibu, does your server send any Content-Security-Policy headers? This overrrides X-Frame-Options if both are sent:

https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Otherwise, perhaps there is a more subtle mismatch in the protocol, host name, or port.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You can also check this in the Network Monitor.