0

I've looked on SO and I can't seem to find a situation that helps me fix my issue.

I am using an iframe gadget on google sites to include a page from an intranet site of the company I work for into another intranet site I am working on right now. Like many I encounter the error 'X-Frame-Options' to 'sameorigin' making my iframe fail to work.

The thing is I only get this error when I am using Chrome. I tested the site with Firefox and it works just fine. The company has asked all employes to use Chrome only so it is rather annoying that it doesnt work for it.

I understand that this is probably due to the site being secured and refusing that people frame it, to avoid Clickjacking. However, it is rather important that I manage to frame the site into mine.

Is my only solution to go find the admin of the other intranet site so that he allows me to frame it? Or is there a work-around?

Just as information: the admin for the other site is not in the same country as me, making it difficult to reach out to him, this is mostly why I am trying to find a way around it.

Taum
  • 321
  • 2
  • 19

2 Answers2

1

If you're curious about browser compatibility for a specific feature, check CanIUse.com. See this question for a possible reason that your header isn't working in Firefox.

You should also note that x-frame-options is considered deprecated and is replaced by the frame-ancestors header. If you use both, x-frame-options will be ignored.

The answer to your question is: I hope not, because that would be a security hole. If the site owner doesn't want his stuff to be framed, it shouldn't be allowed in a frame.

If you need another site's content on your page, but iFrame isn't an option, you could try the answers given for this question.

John Wu
  • 50,556
  • 8
  • 44
  • 80
1

I have found the issue and I feel pretty bad for missing it.

The domain of the page I wanted to include in my frame is company-name.com, whereas the domain for mine is company-name.com.sg. This wasn't an issue on Firefox that seems to see both as the same domain. Whereas Chrome doesn't see them as the same, therefor I had to change my domain name to fix it.

So on Chrome always check that the domain is the exact same. Hope it helps anybody with the same issue.

Taum
  • 321
  • 2
  • 19