4

Possible Duplicate:
Overcoming “Display forbidden by X-Frame-Options”

I have this HTML code on a server (Heroku). From the iframe of www.example.com I click on the "login to google" button, but I get this error message: 

Refused to display document because display forbidden by X-Frame-Options

I tried adding the <meta http-equiv="X-Frame-Options" content="GOFORIT"> on the header of www.example.com but still doesn't work. Any ideas? Thanks

<html>
<head>
<title>Test</title>
</head>
<body>
<iframe src="http://www.example.com" width=1000 height=1000></iframe>
</body>
</html>
Community
  • 1
  • 1
  • may be have a look on this thread http://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options I tested and Its working fine on my side. – admoghal Nov 12 '12 at 00:13

1 Answers1

5

You have to use real HTTP response headers. <meta http-equiv> isn't really equivalent.

How you set those depends on your server and/or server side programming language.

e.g. for Apache, with mod_headers:

Header set X-Frame-Options GOFORIT

… will do the job.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Thanks. What would this HTTP response header be like for GWT? –  Nov 12 '12 at 08:07
  • 1
    The response header would be the same for any system — `X-Frame-Options: GOFORIT` — how you set response headers in GWT, I have no idea. – Quentin Nov 12 '12 at 08:10
  • Just to be clear, should I include that header on www.example.com (server side) or on the website that contains the iframe (server side)?? Thanks again –  Nov 12 '12 at 10:20
  • The website that is being put in the frame. – Quentin Nov 12 '12 at 13:30