Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community!
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.Start your free trial
john DOe27,897 Points
iFrame: Load denied by X-Frame-Option: "website" does not permit cross-origin framing.
I have a website I made, and I want to put in in an iFrame on another website, but I am getting this error. Is there anyway I can fix it?
I think you need to set or remove the X-Frame-Options HTTP response header, ie:
"The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites."
On a Ruby on Rails project you can create an after_filter in application_controller to do that globally:
class ApplicationController < ActionController::Base protect_from_forgery
private def set_header_for_iframe response.headers.delete "X-Frame-Options" end end
In other programming frameworks I'm not so sure what's the way to go. Cheers!