1

We've created a Facebook page which we want to open up in a Facebook tab. The url is: https://apps.facebook.com/taggifi_android

The web page is located at: http://www.taggifi.com/android-signup/

The error we are getting in Chrome's dev console is:

Refused to display 'https://taggifi.com/android-signup/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

There's a number of solutions that tell us to modify the X-Frame-Options. We've done that locally on the page by modifying the options to GOFORIT as per this Stack overflow question.

We've pulled out all javascript to see if any external references were causing issues, they weren't. We also modified the form POST url to see if that was causing the issue, since it's posting to campaign monitor. That didn't help either. What we can see in the dev console however is that the page appears to be hitting a 403 error on a POST. Hence we tried modifying the url.

Does anyone have any other solutions as we're all out of ideas and other solutions on here seem to have unrelated functionality? This is a pretty basic page that posts a form to campaign monitor.

We're coding in Python.

Community
  • 1
  • 1
lloydphillips
  • 2,775
  • 2
  • 33
  • 58
  • `GOFORIT` is not a valid parameter for `X-Frame-Options` so the browser response is likely to be a bit varied. Why don't you just remove the header altogether? –  Jun 08 '14 at 23:41
  • @MikeW tried removing also - no joy - asking the server guys presently whether something is adding it back in down the pipeline, will let you know the result of that but really keen for any other suggestions since the priority to fix this is pretty high and we're stumped. – lloydphillips Jun 08 '14 at 23:55
  • thanks @MikeW, the not valid parameter 'GOFORIT' got default to 'SAMEORIGIN' and this was the reason. We've been adviced to use it when there are only 'DENY', 'SAMEORIGIN' and 'ALLOW-FROM' valid for X-Frame-Options header – robertzp Jun 10 '14 at 00:22

0 Answers0