Loading Iframe Facebook (Load denied by X-Frame-Options)

Question

My team is in charge of some difficulties with an app on Facebook. We believe this occurred some error in loading the iframe. We discovered this error through Firebug:

Load denied by X-Frame-Options: https://www.facebook.com/dialog/oauth?client_id=140656472747871&redirect_uri=https%3A%2F%2Fnuvemapps.com.br%2Fci%2Fncupons%2Fhome%2F%3Ffb_source%3Dsearch%26ref%3Dts%26fref%3Dts&state=32e667a3645c047d751d20811d49ef6b&req_perms=email%2C+publish_steram%2C+manage_pages does not permit framing.

This happens mainly with people who have not allowed the app, so we do not know specifically where this problem is starting. We still have three possible causes left:

Server Configuration
Problem with our coding
Or in our setup facebook app dev

Can anyone help in identifying this error?

Here is the link to the app: https://apps.facebook.com/cupomigo

Isn't this a security thing? If you could load facebook login into an iframe then you could do click jacking. — Ian Warburton, Feb 22 '15 at 22:12
If you're in control of the server this is running on, check what security middleware you might be using. For example, I'm running a node server and I had to disable xssFilter middleware and frameguard middleware. Now this error is gone. — Stephen Tetreault, Oct 16 '17 at 21:04

score 21 · Answer 1 · edited Dec 04 '21 at 22:28

21

I used target="_top" for the link, and it is now working perfectly.

edited Dec 04 '21 at 22:28

Tomerikoo

18,379
16
47
61

answered Jun 23 '13 at 13:10

Altaf Hussain

5,166
4
30
47

1

In Page Tab App case, it won't work, as it will navigate away from Page Tab – Raptor Oct 02 '13 at 04:33
1

If you're inside of a Canvas based app, this will also break out of the iFrame and take the user to the self-hosted application. Not desirable. – Adam Feb 25 '14 at 16:02
17

where did I use target="_top" ?? – Shailendra Madda Mar 09 '15 at 21:27
They're trying to login from within an iframe. They have an anchor tag LOGIN TO FACEBOOK. This will go to the iframes parent window (and its parent window if there is on, etc) and take the whole window to that url. If you are trying to use an iframe for logging your main window into facebook this won't help. – Oct 05 '15 at 18:56
Thank you @Altaf, that helped :) – ghuroo Feb 01 '17 at 16:42
really you saved me! – Shady Mohamed Sherif Mar 17 '17 at 07:02

score 3 · Answer 2 · edited Oct 23 '18 at 09:53

3

Use this line given below instead of header() function.

echo "<script>window.top.location = 'https://apps.facebook.com/yourappnamespace/';</script>";

edited Oct 23 '18 at 09:53

Suraj Rao

29,388
11
94
103

answered Oct 07 '13 at 10:38

Hemanta Nandi

141
1
4

score 1 · Answer 3 · edited Jun 12 '22 at 14:06

1

Just add

https://www.facebook.com/plugins/video.php?href=""

Before your link:

https://www.facebook.com/plugins/video.php?href="https://yourlink.com"

edited Jun 12 '22 at 14:06

Ygor Perez de Oliveira

46
7

answered Dec 04 '21 at 22:17

Taha

11
1

Leonardo Ciaccio · Answer 4 · 2022-05-23T19:10:25.320

0

In my case I had the same error, but for the comment plugin, I don't know if it helps but I solved it by inserting the moderation or administration meta-tag

<meta property="fb:app_id" content="&#123;YOUR_APP_ID&#125;" />

Anyway, if the user is not logged into Facebook you will still have the same problem. I hope I have been helpful, good work.

edited May 23 '22 at 19:10

answered May 22 '22 at 12:30

Leonardo Ciaccio

2,846
1
15
17

Loading Iframe Facebook (Load denied by X-Frame-Options)

4 Answers4

Linked