Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'
Javascript, Google Surveys
Javascript Problem Overview
<script async="" defer="" src="//survey.g.doubleclick.net/async_survey?site=vj2nngtlb7sbtnveaepk5so4ke"></script>
Screenshot of the error:
and I'm getting
Refused to display 'https://survey.g.doubleclick.net/gen204/d?zx=5cbpafvsv9le' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
error with the Google survey setup.
Javascript Solutions
Solution 1 - Javascript
I faced the same error when displaying YouTube links.
For example: https://www.youtube.com/watch?v=8WkuChVeL0s
I replaced watch?v= with embed/ so the valid link will be:
https://www.youtube.com/embed/8WkuChVeL0s
It works well.
Try to apply the same rule to your case.
Solution 2 - Javascript
You cannot display a lot of websites inside an iframe. The reason is that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iframes that are not hosted on the same domain as the parent page. This is a security feature to prevent click-jacking. Some details at https://stackoverflow.com/questions/8700636/how-to-show-google-com-in-an-iframe
This could be of some help: https://www.maketecheasier.com/create-survey-form-with-google-docs/
Solution 3 - Javascript
I was facing this issue in Grafana and all I had to do was go to the config file and change allow_embedding to true and restart the server :)
Solution 4 - Javascript
This happens because your application does not allow appending an iframe from an origin other than your application's domain.
If your application has a web.config, then add the following tag to web.config:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="ALLOW" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
This will allow the application to append iframes from other origins as well. You can also use the following value for X-Frame-Options:
X-FRAME-OPTIONS: ALLOW-FROM https://example.com/
Solution 5 - Javascript
I think you are trying to use the normal URL of the video, like this:
Copying Direct URL from YouTube
That doesn't let you display the content on other domains. To tackle this, you should use the Copy Embed Code feature provided by YouTube itself, like this:
That would free you from any issues.
For the above scenario:
- Go to the YouTube video
- Copy Embed Code
- Paste that into your code (make sure you escape all the " (inverted commas) by " ).
Solution 6 - Javascript
I came across the same problem using a WordPress page and plugin. This didn't work for the iframe plugin:
[iframe src="https://itunes.apple.com/gb/app/witch-hunt/id896152730#?platform=iphone"]
but this does:
[iframe src="https://itunes.apple.com/gb/app/witch-hunt/id896152730" width="100%" height="480" ]
As you see, I just left off the #?platform=iphone part at the end.
Solution 7 - Javascript
If you're using Rails >4, this worked for me:
Add this line inside the respective controller method:
response.headers["X-FRAME-OPTIONS"] = "ALLOWALL"
e.g.:
def extension
  response.headers["X-FRAME-OPTIONS"] = "ALLOWALL"
  # ...
end
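Added example, not part of any answer above and not code from the original page: a JavaScript sketch of the check the HTML Standard defines for X-Frame-Options, run over the header values quoted in the question and in Solutions 2, 4 and 7. The function name, its argument shape and the example.com / other.example origins are assumptions made for illustration.

```javascript
// Added example: how a browser evaluates X-Frame-Options (check from the HTML Standard).
// xfoAllowsFraming and its argument shape are hypothetical names, not a browser API.
// headers.xfo / headers.csp: raw header values sent by the FRAMED site.
// ancestorOrigins: origin of every page above the frame (parent, grandparent, ...).
function xfoAllowsFraming(headers, frameUrl, ancestorOrigins) {
  const { xfo = [], csp = [] } = headers;

  // An enforced CSP with frame-ancestors makes the browser ignore XFO;
  // the framing decision then belongs to CSP (not modelled here).
  const hasFrameAncestors = csp.some((policy) =>
    policy.split(";").some((d) => d.trim().split(/\s+/)[0].toLowerCase() === "frame-ancestors"));
  if (hasFrameAncestors) return true;

  // Values are comma-split, trimmed, lowercased and de-duplicated.
  const values = new Set(
    xfo.flatMap((h) => h.split(",")).map((v) => v.trim().toLowerCase()));

  // Conflicting values: block if any of them looks like a real policy.
  if (values.size > 1) {
    return !["deny", "allowall", "sameorigin"].some((v) => values.has(v));
  }
  const [value] = values;
  if (value === "deny") return false;
  if (value === "sameorigin") {
    // Every ancestor, not only the direct parent, must share the frame's origin.
    const frameOrigin = new URL(frameUrl).origin;
    return ancestorOrigins.every((o) => new URL(o).origin === frameOrigin);
  }
  // Absent or unrecognized values (ALLOW, ALLOWALL, ALLOW-FROM ...) are ignored.
  return true;
}

// Constructed checks using the header values quoted on this page.
const survey = "https://survey.g.doubleclick.net/gen204/d?zx=5cbpafvsv9le";
const embedder = ["https://example.com"]; // assumed embedding page
const results = {
  question: xfoAllowsFraming({ xfo: ["SAMEORIGIN"] }, survey, embedder),
  sameOrigin: xfoAllowsFraming({ xfo: ["SAMEORIGIN"] }, survey, ["https://survey.g.doubleclick.net"]),
  allow: xfoAllowsFraming({ xfo: ["ALLOW"] }, survey, embedder),
  allowAll: xfoAllowsFraming({ xfo: ["ALLOWALL"] }, survey, embedder),
  allowFrom: xfoAllowsFraming({ xfo: ["ALLOW-FROM https://example.com/"] }, survey, ["https://other.example"]),
  conflicting: xfoAllowsFraming({ xfo: ["SAMEORIGIN", "ALLOWALL"] }, survey, embedder),
  cspPresent: xfoAllowsFraming({ xfo: ["DENY"], csp: ["frame-ancestors https://example.com"] }, survey, embedder),
};
console.log(results);
```

A `true` result for ALLOW, ALLOWALL and ALLOW-FROM means the value is not recognized, so the header provides no framing protection for any embedder. A site that wants to permit only specific embedders sends `Content-Security-Policy: frame-ancestors` with the allowed origins instead.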
Solution 8 - Javascript
I've had this issue with an Angular app where I tried the bypassSecurityTrustResourceUrl available within DomSanitizer; however, it didn't work.
The following code within the template section was needed.
<iframe [src]="iframeLink | safeUrl" style="position:absolute; top:0; left:0; width:100%; height:100%;"></iframe>
A pure pipe is employed here to sanitize URL input on the DOM.
The component should have the safeUrl pipe as follows:
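import { Pipe, PipeTransform } from "@angular/core";
import { DomSanitizer, SafeResourceUrl } from "@angular/platform-browser";

@Pipe({
  name: "safeUrl",
  pure: true
})
export class SafeUrlPipe implements PipeTransform {
  constructor(private sanitizer: DomSanitizer) {}

  // Marks the URL as trusted for resource contexts such as an iframe src.
  // This bypasses Angular's sanitization, so only pass URLs you control.
  transform(url: string): SafeResourceUrl {
    return this.sanitizer.bypassSecurityTrustResourceUrl(url);
  }
}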
Although this setup will allow a piece of URL to be sanitized and rendered in the DOM, you may still run into an issue on the hosting part of your URL. For example, if you're trying to display a page from https://bit.ai but it's not displayed, try to alter your URL in the following manner:
https://acme.bit.ai/docs/**view**/4fkh34972kahf
changed to