Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

General Discussion

iFrame: Load denied by X-Frame-Option: "website" does not permit cross-origin framing.

Dear Treehouse,

I have a website I made, and I want to put in in an iFrame on another website, but I am getting this error. Is there anyway I can fix it?

2 Answers

14,107 Points

I think you need to set or remove the X-Frame-Options HTTP response header, ie:

"The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites."


On a Ruby on Rails project you can create an after_filter in application_controller to do that globally:

class ApplicationController < ActionController::Base protect_from_forgery

after_filter :set_header_for_iframe

private def set_header_for_iframe response.headers.delete "X-Frame-Options" end end

In other programming frameworks I'm not so sure what's the way to go. Cheers!

How would I do this in JS?