Refused to display 'https://xpto.pt/' in a frame because it set 'X-Frame-Options' to 'sameorigin''

相关文章推荐

风流倜傥的大蒜 · 控制 video ...· 6 天前 ·

冷静的帽子 · 中华人民共和国司法部· 2 月前 ·

乐观的甜瓜 · 无人生还丨十个小士兵，一个也不剩· 2 月前 ·

发财的青椒 · 陆羽《茶经》中的楚方言词-天门市人民政府· 3 月前 ·

阳刚的大熊猫 · ？120 帧只有配置要求-西瓜视频· 4 月前 ·

仗义的伏特加 · 知“耻”与心存戒惧-中央纪委网站· 8 月前 ·

Hello,

Anyone with any solution? I have a component developed to preview pdf ́s files. It turns out that today is giving this message "Refused to display 'https://xpto.pt/' in a frame because it set 'X-Frame-Options' to 'sameorigin''"

I have checked in IIS and has no header with this configuration, nor in the component code...

Does anyone know the source of the problem and how to solve it? Thanks

Hi @ Flórida da Graça Botelho Araújo ,

According to your description, unfortunately I cannot reproduce your problem. I want to confirm if you use and develop it in SharePoint?

Based on this error message: Refused to display 'https://xpto.pt/' in a frame because it set 'X-Frame-Options' to 'sameorigin''. Please try to do some troubleshooting:

Please make sure you are using


      embedded=true

while adding source in the iframe. For example:

<iframe class="xpto" src="https://xpto.pt/&embedded=true"></iframe>
2.If your application have web.config then add the following tag in web.config:
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="X-Frame-Options" value="ALLOW" />
        </customHeaders>
    </httpProtocol>
</system.webServer>
This will allow application to append iframe from other origin also. You can also use the following value for X-Frame-Option :
X-FRAME-OPTIONS: ALLOW-FROM https://example.com/ 
Similar issue for reference: 
Refused to display ‘url’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’
How to fix Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin
Hope it can help you. Thanks for your understanding.
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
						Captura de ecrã 2023-01-11 105521.pngHello
Thanks for the repsonse. 
I have added in the web.config the setting.
However, now the error in the image below appears "Refused to display 'https:... in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOW'). Falling back to 'deny'."
 I have checked in webpart and in IIS and there is no SAMEORIGIN setting...where could this setting be?
 I also noticed that the behavior of the component differs by browser. In IE it says "This browser does not support inline PDFs. Please download the PDF to view it: Download PDF", in Edge it says "www.xpto.pr refused to connect".
Any suggestions?
						I've done everything, but I'm still in trouble. 
I also followed this post [http://sadomovalex.blogspot.com/2015/12/remove-x-frame-options-sameorigin-http.html
and returns the error of the attached image... 
       Invalid 'X-Frame-Options' header encountered when loading 'https://www.xpto.pt/': '' is not a recognized directive. The header will be ignored.
1.png
Any suggestions? Thanks