I have a very old site built in ASP.NET 2008 by an external team who I have no contact with. All of a sudden a page doesn't seem to render properly in Chrome and Firefox but works fine with other browsers. The page is set with an iframe.
Looking under Inspect Element (Chrome) for the page failing to render, I see the error:
Refused to display 'http://www.example./somepage.html' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, SAMEORIGIN'.
So I read a few articles and I may not understand this fully, but it seems to me the error is that the domain requested will NOT allow itself to be displayed within a frame.
The URL above is not a URL I am familiar with (i.e. it's third party, I don't have any control over it). Is there any way to resolve this or is this purely the owner of the domain would have to allow? If so, why does it work in other browsers?
asked Dec 15, 2015 at 12:27, edited Dec 15, 2015 at 13:48, by Computer

2 Answers
"Is there any way to resolve this"
Not at your end.
"or is this purely the owner of the domain would have to allow?"
This.
"If so, why does it work in other browsers?"
Speculating a little here, but SAMEORIGIN, SAMEORIGIN is not a valid value. It looks like Chrome is attempting error recovery and treating it as SAMEORIGIN.
Quentin's answer summarizes it well.
In addition, if it is an external site beyond your control, they may have good reasons to forbid framing. (Like preventing click-jacking.)
They may also have included a Content-Security-Policy: frame-ancestors 'self' header, which would have the same effect.
(And currently, a bug in Chromium (and Chrome) causes X-Frame-Options to take precedence over Content-Security-Policy while it should not.)
You may hack that if their site is served over http (not https) and you have control of a common network device through which all your users' network traffic to this site must go. I mean, on that device, if it does allow you to do so, you may filter out 'undesired' headers from responses of this site.
Of course, this is a debatable hack. Depending on the terms of use of the 'victim' site, it could even be a legal issue to do so.
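An added example, not part of either answer or of the site in question: a small audit of one response's framing headers that flags a duplicated or conflicting X-Frame-Options value, as in the console message above, and lists any frame-ancestors policy. The function name, status labels and sample headers are constructed for illustration.

```javascript
// Added example: audit the framing-related headers of one HTTP response.
// Input is a list of [name, value] pairs so repeated header lines are preserved.
const XFO_KNOWN = new Set(["deny", "sameorigin"]);

function auditFramingHeaders(headerPairs) {
  const xfoLines = [];
  const cspLines = [];
  for (const [name, value] of headerPairs) {
    const n = name.trim().toLowerCase();
    if (n === "x-frame-options") xfoLines.push(value);
    if (n === "content-security-policy") cspLines.push(value);
  }
  // Repeated header lines are combined into one comma-joined value, which is
  // one way a value such as 'SAMEORIGIN, SAMEORIGIN' can arise.
  const tokens = xfoLines
    .flatMap((v) => v.split(","))
    .map((t) => t.trim().toLowerCase())
    .filter((t) => t.length > 0);
  const distinct = [...new Set(tokens)];
  const unknown = distinct.filter((t) => !XFO_KNOWN.has(t));
  let xfo;
  if (tokens.length === 0) xfo = "absent";
  else if (unknown.length > 0) xfo = "unrecognised-token";
  else if (distinct.length > 1) xfo = "conflicting";
  else if (tokens.length > 1) xfo = "duplicated";
  else xfo = "ok";
  // Collect the frame-ancestors source list from every CSP header and policy.
  const frameAncestors = cspLines
    .flatMap((v) => v.split(",")) // one header value may carry several policies
    .flatMap((p) => p.split(";"))
    .map((d) => d.trim().split(/\s+/))
    .filter((parts) => parts[0].toLowerCase() === "frame-ancestors")
    .map((parts) => parts.slice(1).join(" "));
  return { xfo, xfoValue: distinct.join(", "), xfoHeaderLines: xfoLines.length, frameAncestors };
}

// Constructed sample: the same header emitted on two separate lines.
const sample = [
  ["Content-Type", "text/html"],
  ["X-Frame-Options", "SAMEORIGIN"],
  ["X-Frame-Options", "SAMEORIGIN"],
  ["Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"],
];
console.log(auditFramingHeaders(sample));
```

A "duplicated" result usually means the header is being set in two places on the serving side, which is something only the owner of that site can correct.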