Support » Developing with WordPress » Refused to display in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’

  • Hello,

    When the user is directed to google authentication (or fb auth, etc) in an iframe, the following error message occurs:
    Refused to display 'https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&approval_prompt=force&response_type=code&redirect_uri=...6063sqv.apps.googleusercontent.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
    and the iframe goes blank.

    It was working fine before.

    Can anyone help to understand why is this problem coming now? Is it something with the plugin code, or with WP update? or something else?

    What can be done to fix it?

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    It’s completely unrelated to WP in any way. It’s additional security that browsers have started enforcing. It allows sites to manage if and who can embed their content in iframes. I believe it is in response to cross site phishing scams. Scammers are why we cannot have nice things.

    I would imagine that Google and FB authorizations now need to be managed through their respective API’s, but I’ve no experience in utilizing their authorizations. As long as sites are sending headers with sameorigin, iframes are completely out of play for us.

    gsn16

    (@gsn16)

    Thank you @bcworkz

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.