Refused to display '' in a frame because it set 'X-Frame-Options' to 'sameorigin' with Looker

Question

I'm trying to display a iFrame with Looker SSO, I used looker_sso_tool to generate the Embed URL, and it shows the dashboard I want, however when I try to use the url with a localhost application it shows the error:

Refused to display 'https://xerpabr.looker.com/login' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I also notice the requested URL from this tool has a Location Response of:

https://xerpabr.looker.com/embed/dashboards/2

While in localhost it is:

https://xerpabr.looker.com/login

I'm using the node_example of sso embed, just changing the return to display the iFrame, like so:

res.end("<iframe height=400 width=600 src=" + url + "> </iframe> ");

How can I solve that?

score 3 · Accepted Answer · answered May 28 '19 at 04:45

Could you try generating a URL from the tester tool (with preview turned off) and serving that exact URL from localhost? I suspect the problem may be with something in your script, even though you said you didn't change much.

That error is often a bit of a red herring that means your URL isn't authenticating properly— Looker sets x-frame-option headers on the login page that prevent it from being embedded, so if the generated URL doesn't work to log you in and instead redirects to /login, the error can appear. If you take a generated URL from your script and pass it through the Admin > Embed url verification tool, do you get any hints?

You could also try asking over on discourse.looker.com where there's a wealth of Looker experts!

Thank you! I could solve my problem by exploring the script, I'm not sure about what solve, but it's working now. — Felipe Augusto, May 28 '19 at 17:00

Refused to display '' in a frame because it set 'X-Frame-Options' to 'sameorigin' with Looker

1 Answers1