
iFrame: Load denied by X-Frame-Option: "website" does not permit cross-origin framing.

Dear Treehouse,

I have a website I made, and I want to put it in an iFrame on another website, but I am getting this error. Is there any way I can fix it?

2 Answers

psousa
14,107 Points

I think you need to set or remove the X-Frame-Options HTTP response header, i.e.:

"The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites."

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

On a Ruby on Rails project you can create an after_filter in application_controller to do that globally:

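class ApplicationController < ActionController::Base
  protect_from_forgery

  # Runs after every action. after_filter is named after_action from
  # Rails 4 on and was removed in Rails 5.1.
  after_filter :set_header_for_iframe

  private

  # Deletes X-Frame-Options from the response, so any site may frame the page.
  def set_header_for_iframe
    response.headers.delete "X-Frame-Options"
  end
end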

In other programming frameworks I'm not so sure what's the way to go. Cheers!
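A narrower alternative to deleting the header for every response, as an added example that is not part of the original answer: a Rack-style middleware that swaps X-Frame-Options for a Content-Security-Policy frame-ancestors directive naming only the site allowed to embed the page. The class name FrameAncestors, the helper framed_response_headers and the origin https://partner.example are assumptions made for illustration.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems required).
class FrameAncestors
  # Hypothetical embedding origin; replace with the site that frames yours.
  ALLOWED_FRAME_PARENTS = ["https://partner.example"].freeze

  def initialize(app, parents: ALLOWED_FRAME_PARENTS)
    @app = app
    # 'self' keeps same-origin framing working, like X-Frame-Options: SAMEORIGIN.
    @directive = "frame-ancestors 'self' #{parents.join(' ')}".strip
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    # X-Frame-Options cannot portably name one foreign origin (ALLOW-FROM is
    # obsolete), so drop it whatever its casing and rely on frame-ancestors.
    headers.delete_if { |name, _| name.to_s.casecmp?("X-Frame-Options") }
    csp_key = headers.keys.find { |k| k.to_s.casecmp?("Content-Security-Policy") } ||
              "Content-Security-Policy"
    headers[csp_key] = merge_csp(headers[csp_key])
    [status, headers, body]
  end

  private

  # Keep every existing CSP directive except an earlier frame-ancestors.
  def merge_csp(existing)
    kept = existing.to_s.split(";").map(&:strip).reject do |d|
      d.empty? || d.downcase.start_with?("frame-ancestors")
    end
    (kept << @directive).join("; ")
  end
end

# Constructed downstream app standing in for the Rails application.
SAMPLE_APP = lambda do |_env|
  [200, { "Content-Type" => "text/html", "X-Frame-Options" => "SAMEORIGIN",
          "Content-Security-Policy" => "default-src 'self'" }, ["<h1>hi</h1>"]]
end

# Headers a browser would receive after the middleware has run.
def framed_response_headers(app = SAMPLE_APP)
  FrameAncestors.new(app).call({})[1]
end
```

In a Rails application the class can be registered with `config.middleware.use FrameAncestors`, so every other origin stays blocked from framing the site.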

How would I do this in JS?