
I have a vendor web application that sits within a frame being viewed with IE 11 on both Windows 7 and Windows 10. Emulation mode is set as default (Edge). The application functions properly most of the time. However, the application will randomly display the error page "This content cannot be displayed in a frame". The headers being set are:

  • X-Frame-Options: SAMEORIGIN
  • X-Powered-By: Servlet/3.1
  • X-XXS-Protection: 1; mode-block

All content is coming from the same domain.

Everything I found on this topic so far relates to an issue occurring when the page is initially loaded, not at some random point in time after page load. It also seems to occur not when the user is on the page but when they shift focus to another page or browser tab and then return. Any ideas?

1 Answer


You could try to change the X-XSS-Protection value to 0. From this answer, we can see that:

The token mode=block will prevent browser (IE8+ and Webkit browsers) to render pages (instead of sanitizing) if a potential XSS reflection (= non-persistent) attack is detected.

So this might be the reason why the content can't be displayed sometimes.

Besides, if you're trying to open an HTTPS page from a non-SSL site, you can also get this kind of error. You could refer to this thread.

Yu Zhou
  • Tried that. Unfortunately that didn't resolve the issue. The problem isn't that it doesn't display the content, it's that it will display the content for a period of time then randomly display the content error page without user interaction. – John Norris Dec 17 '19 at 17:56
  • You have set `X-Frame-Options: SAMEORIGIN`, so IE will block rendering only if the origin of the top-level browsing context is different than the origin of the content containing the X-FRAME-OPTIONS directive. There might be some cross-domain content trying to display when the error shows. You could use the Network tab of F12 dev tools and Fiddler to track the network to see if there's something different when the error occurs. This could help to narrow down the issue. – Yu Zhou Dec 18 '19 at 07:00
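
Added example, not part of the original thread: one way to carry out the network-trace comparison suggested in the last comment, assuming the capture has been exported as HAR (Fiddler can export this format). It lists every HTML response whose `X-Frame-Options` value would stop it rendering in a frame of the top-level page, treating a scheme, host or port difference as a different origin; the host names and timestamps are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port): the tuple compared for a SAMEORIGIN decision."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))

def blocked_frame_loads(har, top_url):
    """Return (time, url, policy) for HTML responses a frame under top_url would refuse."""
    top = origin(top_url)
    findings = []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        resp = entry["response"]
        headers = {h["name"].lower(): h["value"].strip().upper() for h in resp["headers"]}
        xfo = headers.get("x-frame-options")
        is_html = "html" in resp.get("content", {}).get("mimeType", "")
        # Assumption: every HTML response except the top page is a frame candidate.
        if not xfo or not is_html or url == top_url:
            continue
        if xfo == "DENY" or (xfo == "SAMEORIGIN" and origin(url) != top):
            findings.append((entry["startedDateTime"], url, xfo))
    return findings

def _entry(time, url, mime, xfo):
    """Build one constructed HAR entry with only the fields used above."""
    return {"startedDateTime": time, "request": {"url": url},
            "response": {"content": {"mimeType": mime},
                         "headers": [{"name": "X-Frame-Options", "value": xfo}]}}

# Constructed sample capture (hypothetical hosts), not traffic from the question.
TOP_URL = "http://app.example.test/portal/main"
SAMPLE_HAR = {"log": {"entries": [
    _entry("2019-12-17T17:40:00Z", TOP_URL, "text/html", "SAMEORIGIN"),
    _entry("2019-12-17T17:40:01Z", "http://app.example.test/portal/frame", "text/html", "SAMEORIGIN"),
    _entry("2019-12-17T17:55:00Z", "https://app.example.test/portal/frame", "text/html", "SAMEORIGIN"),
    _entry("2019-12-17T17:55:02Z", "http://login.example.test/sso", "text/html", "SAMEORIGIN"),
    _entry("2019-12-17T17:55:03Z", "http://app.example.test/static/app.js", "application/javascript", "SAMEORIGIN"),
]}}

if __name__ == "__main__":
    for when, url, policy in blocked_frame_loads(SAMPLE_HAR, TOP_URL):
        print(when, policy, url)
```

For a real capture, load the exported file with `json.load` and pass the URL shown in the address bar as `top_url`; the timestamps of the findings can then be lined up with the moment the error page appeared.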